Search:  

 
theme to black backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Morning Broadband Bytes » Pros & cons of publishing security vulnerabilities
Search Topic:
Uniqs:
1		 Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Post a:
Post a:
Giant Jap satellite must still obey law of physics »
AuthorAll Replies


GOLFnSUN
Enjoy the sun
Premium
join:2002-03-03
Avalon, NJ
·Sprint Mobile Broa..
·Comcast

 Pros & cons of publishing security vulnerabilities

»www.eweek.com/article2/0,1895,1843819,00.asp
The security research company responsible for discovering a software hole later used by the Slammer worm is considering an end to its policy of publishing details of vulnerabilities to public forums.

Speaking with eWEEK at the Black Hat conference here last month, David said that arguments in favor of disclosing details of software holes have lost force in recent years. At the same time, the threats to organizations and individuals on the Internet from organized cyber-crime syndicates and international terrorists have increased.

In the wake of the Slammer worm, NGS changed its disclosure policy. NGS now notifies companies of the holes it discovers and gives them time to create a patch and 90 days to distribute it before releasing vulnerability details to the public.
It seems that NGS has reached a reasonable compromise. If they discover a vulnerability, they give the vendor time to fix it and deploy it before using the club of public disclosure on recalcitrant vendors.

They thereby minimize the possible risk of allowing hackers to unleash an exploit on the public prior to a fix being deployed due to premature disclosure. But they also hold the vendor's feet to the fire by keeping the option of public release available in their back pocket.
--
My Web Page
Join Red Room Forum
to forum · permalink · · 2005-08-09 08:22:29 · Reply to this
Forums » Morning Broadband BytesGiant Jap satellite must still obey law of physics »

Tuesday, 10-Nov 22:34:38 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.
page compression OFF
Most commented news this week
· [123] Moto Sold About 100,000 Droids
· [94] Verizon Keeps Swinging At AT&T
· [86] VoIP Over 3G Still Not Working For iPhone
· [67] Government Will Release Some Telco Wiretap Lobbying Documents
· [61] Verizon's Hanging Up On Rural America
· [47] Verizon's Higher ETFs Annoy Senator
· [34] Bill Would Force ISPs To Block Financial Scams
· [30] Sprint Announces Job Cuts
· [24] Mediacom Hints At 50, 100 Mbps Speeds
· [21] Google Offers Free Holiday Airport Wi-Fi
Most people now reading
· [Rant] windows 7 is the most retarded os ever and its broke to [Rants, Raves, and Praise]
· RG Firmware update to VDSL2 this morning [AT&T U-verse]
· I miss trash... [World of Warcraft]
· Google Has Acquired Gizmo5 [VOIP Tech Chat]
· Water heater pilot light won't light [Home Repair & Improvement]
· House inspector failed to find major gas leak [Home Repair & Improvement]
· Windows 7 boot manager editing questions [Microsoft Help]
· Are Gillette Fusion blades made of gold? [General Questions]