TKJunkMail
Pros & cons of publishing security vulnerabilities

»www.eweek.com/article2/0,1895,1843819,00.asp
The security research company responsible for discovering a software hole later used by the Slammer worm is considering an end to its policy of publishing details of vulnerabilities to public forums.

Speaking with eWEEK at the Black Hat conference here last month, David said that arguments in favor of disclosing details of software holes have lost force in recent years. At the same time, the threats to organizations and individuals on the Internet from organized cyber-crime syndicates and international terrorists have increased.

In the wake of the Slammer worm, NGS changed its disclosure policy. NGS now notifies companies of the holes it discovers and gives them time to create a patch and 90 days to distribute it before releasing vulnerability details to the public.
It seems that NGS has reached a reasonable compromise. If they discover a vulnerability, they give the vendor time to fix it and deploy it before using the club of public disclosure on recalcitrant vendors.

They thereby minimize the possible risk of allowing hackers to unleash an exploit on the public prior to a fix being deployed due to premature disclosure. But they also hold the vendor's feet to the fire by keeping the option of public release available in their back pocket.
over 10 years online! © 1999-2009 dslreports.com.