TKJunkMail
 Pros & cons of publishing security vulnerabilities

»www.eweek.com/article2/0,1895,1843819,00.asp
The security research company responsible for discovering a software hole later used by the Slammer worm is considering an end to its policy of publishing details of vulnerabilities to public forums.

Speaking with eWEEK at the Black Hat conference here last month, David said that arguments in favor of disclosing details of software holes have lost force in recent years. At the same time, the threats to organizations and individuals on the Internet from organized cyber-crime syndicates and international terrorists have increased.

In the wake of the Slammer worm, NGS changed its disclosure policy. NGS now notifies companies of the holes it discovers and gives them time to create a patch and 90 days to distribute it before releasing vulnerability details to the public.
It seems that NGS has reached a reasonable compromise. If they discover a vulnerability, they give the vendor time to fix it and deploy it before using the club of public disclosure on recalcitrant vendors.

They thereby minimize the possible risk of allowing hackers to unleash an exploit on the public prior to a fix being deployed due to premature disclosure. But they also hold the vendor's feet to the fire by keeping the option of public release available in their back pocket.
over 10 years online! © 1999-2009 dslreports.com.