Refers to reporting security flaws to vendors and the general public. Normally, vulnerabilities are first reported to the software vendor and then revealed to the public after the vendor has published a patch to fix the problem. If the vendor does not develop a remedy after 30 to 60 days, the discovering party often makes the flaw public. See vulnerability and CERT.
 | Reproduced with permission from Computer Desktop Encyclopedia. Copyright (c) 1981-2009 The Computer Language Company Inc. All rights reserved. |
Additional Resources
- Microsoft confirms 'detailed' Windows 7 exploit
- Ummm interesting....so just block 139 and 445...445? great that port aggain.Is SMB blocked to/from internet by th firewall by default?RE: Microsoft confirms 'detailed' Windows 7 exploitPorts 139 and 445 are blocked by default for Internet access by Windows firewall in Windows 7 and any commerical hardware firewall. They are enabled...
- Discussion threads 2009-11-16
- Microsoft probing Windows 7 zero-day hole
- Microsoft said it is looking into a report of a vulnerability in Windows 7 and Server 2008 Release 2 that could be used by an attacker to remotely crash the computer. Microsoft said on Wednesday it is looking into a report of a vulnerability in Windows 7 and Server...
- News items 2009-11-12
- Counting vulnerabilities is pointless
- Suddenly it doesn't matter any more? Vulnerability count is an indication of software qualityIt goes directly to the process the vendor went through to root out vulnerabilities before shipping. At least if you compare products with the same general purpose and which receives the same amount of scrutiny.Time to fix...
- Discussion threads 2009-11-09
- News to know: E-readers; Web OS and IT; VMware; Cisco
- Here are today’s notable headlines. You can get News To Know via email alert and RSS daily. For continuous updates see BNET’s around-the-Web tech coverage. Dion Hinchcliffe: How the Web OS has begun to reshape IT and business Oliver Marks: Course Credits as a...
- Blog posts 2009-09-08
- Adobe plugs critical ColdFusion, JRun vulnerabilities
- Adobe's never-ending run on the security treadmill hit a new gear this week with the release of patches to cover serious vulnerabilities in the ColdFusion and JRun web design and development platforms. The patches, rated critical, cover a total of 7 vulnerabilities, some of which "could lead...
- Blog posts 2009-08-18
- Microsoft: Exploits likely for 'critical' Windows vulnerabilities
- Who cares if exploit code will be released in the futureAs long as it is patched before the exploits are out, the exploits no longer count. Or something like that.Cue the double standards...PS I wonder which one of these was labeled "Bulletin 3" in the pre-patch announcement? According to some...
- Discussion threads 2009-08-11
- Adobe Flash zero-day attack underway; Harden PDF Reader immediately
- Malicious hackers have found a new vulnerability in Adobe's ever-present Flash software and are using rigged PDF documents to launch exploits against Windows targets. The Adobe Flash Player flaw, which is currently unpatched, affects millions of Windows XP and Windows Vista users. Adobe has acknowledged a "potential...
- Blog posts 2009-07-22
- ImageShack hacked by anti-full disclosure movement
- ImageShack hacked by anti-full disclosure movementImageShack should have used Linuxas this would be a non-issue.There's no guarantee with shareThese sites just make it fun for people to enjoy the Internet.RE: ImageShack hacked by anti-full disclosure movementI do not agree with AntiSec. I believe that it is the responsibility of...
- Discussion threads 2009-07-13
- ImageShack hacked by anti-full disclosure movement
- During the weekend, ImageShack, among the Web's top ten most popular free image hosting services got compromised, with the millions of images hosted on it redirected to a single one explaining why it was hacked. The anti-sec group responsible for the compromise describes itself as a "movement...
- Blog posts 2009-07-13
- What Corporate Sustainability can learn from twitter, Robert Scoble & Iran
- [caption id="attachment_763" align="alignleft" width="300" caption="Amanpour: A little more Davos & Friend Feed, a little less Damascus & live feed?"][/caption] The celebrated celebrity blogger, Robert Scoble, is ticked off with CNN over its weak coverage of the Iran election and aftermath. In his most recent blog post -'The day Twitter kicked...
- Blog posts 2009-06-22
- Microsoft patches 31 Windows, IE, Office security holes
- Microsoft's batch of patches this month is a big one: 10 bulletins covering a total of 31 documented vulnerabilities affecting the Windows OS, the Internet Explorer browser and the Microsoft Office productivity suite (Word, Works and Excel). Five of the 10 bulletins are rated "critical," Microsoft's highest...
- Blog posts 2009-06-09
- Apple Patch Day: 67 Mac OS X, Safari vulnerabilities
- Apple Patch Day: 67 Mac OS X, Safari vulnerabilitiesHow about being a real journalistand giving us a count of patches in third-party open source components as opposed to actual OS X patches.One of the big complaints against Apple is that they are slow to update open source patches. So instead...
- Discussion threads 2009-05-12
- Critical security hole in Google Chrome
- Critical security hole in Google ChromeDoes the sandboxing mitigate the problem?[i]A failure to properly validate input from a renderer tab process could allow an attacker to crash the browser and possibly run arbitrary code with the [b]privileges of the logged on user[/b].[/i]Does this apply to v1.x alone or also to...
- Discussion threads 2009-05-06
- Election industry fights open source like it is 1999
- Election industry fights open source like it is 1999Correction: change the insecure in previous posting to secureReally got to look closer at what I post.I have to agree that the electronic election industryNeeds some severe reform, if not the hammer brought down on them. I was ALWAYS suspicious as to...
- Discussion threads 2009-04-21
- Cisco IOS patch day covers multiple vulnerabilities
- Cisco has shipped a batch of patches to cover multiple vulnerabilities affecting IOS, the software that powers the vast majority of Cisco's routers and switches. In all, the company released 8 separate advisories with warnings for information disclosure, privilege escalation, denial-of-service vulnerabilities. The...
- Blog posts 2009-03-25
- MacBook and Safari succumb to hackers
- Charlie Miller came to Vancouver's CanSecWest security conference to defend his title in the PWN 2 OWN hacking contest. Last year Miller took home the MacBook Air and a $10,000 cash prize Thursday after breaking into the machine. This year Miller's MO was the same, bring the...
- Blog posts 2009-03-19
- CanSecWest: Caution, community at play
- Guest editorial by Sarah Blankinship CanSecWest, in beautiful Vancouver BC, is one of my favorite conferences each year. It’s a cozy little security con that brings together security researchers from all parts of the security ecosystem. Like a PhNeutral or a BlueHat, one never quite knows what...
- Blog posts 2009-03-18
- Pwn2Own 2009: Safari/MacBook falls in seconds
- [ UPDATE: IE 8 and Safari also fall ] VANCOUVER, BC -- Charlie Miller has done it again. For the second consecutive year, the security researcher hacked into a fully patched MacBook computer by exploiting a security vulnerability in Apple's Safari browser. ...
- Blog posts 2009-03-18
- What is security transparency?
- Guest editorial by Andrew Storms Transparency is a common theme in politics and Wall Street these days. The 2008 elections, dealings of TARP, financial institutions run a-muck are all places where we hear the word transparency bandied about on a daily basis. While many security professionals speak...
- Blog posts 2009-03-05
- Why full disclosure is an important tool
- Guest editorial by Danny Quist This latest Adobe vulnerability has created a stir on some of the closed mailing lists regarding full disclosure. While I would have liked to think that this debate was over a long time ago, I now realize that everyone has disagreed to...
- Blog posts 2009-03-03
Neighboring Terms
Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
- New Online Dashboard for IT Leaders
-
Read about top issues IT decision-makers face every day, plus get cost-effective solutions to real-life IT problems.
- Learn more >>
- Save time with automated shipping solutions
-
The Business Essentials Guide provides you useful tools and templates to help grow your business and save you time with automated shipping solutions.
- Visit the UPS Business Essentials Guide
- The best support in the Linux business
-
If Linux is going to power your mission-critical applications, you'd better have the best support known to business. Novell was rated the top provider of Linux technical support.
- Learn more >>
- Microsoft Dynamics CRM Online - Free Six-Month Trial for Eligible Organizations
-
Microsoft Dynamics CRM Online provides fast online access, simple contact management and better sales performance for a low monthly cost - the best value on the market today.
- Learn more about the free, six-month trial offer>>
SmartPlanet
- Thought-provoking progressive ideas on diverse topics that intersect with technology, business, and life, and matter to the world at large. Visit SmartPlanet
- More from IBM
-
- Can your business work smarter? Learn more about Lotus Symphony
- Learn how to work smarter and optimize cost using the IBM Smart SOA approach Download the eBook
- Smarter ways to make smarter products Read the brief from IBM
