SEARCH RESULTS
 
Showing 1-10 of 10 records

Exploitability Index - More Information for Customers

2008-08-06 16:20:56 by jrjones in Jeff Jones Security Blog
 
...Exploitability Index" for each of the vulnerabilities addressed by the bulletin. Based upon talking with Microsoft customers over the past five years, they are always looking for that little bit of extra information to help make prioritization decisions. An obvious example of this is the severity attached to the vulns. However, as explained by...

More on Application Security Metrics

2008-05-08 20:05:00 by Security Retentive in Security Retentive
 
...exploitability standpoint, it's fairly clear that implementation defects are probably the first issues we want to fix. At the same time, we do need to balance that against the damage that can be done by an architectural flaw, and just how difficult they can be to fix, especially in deployed software. Take as an example Lanman authentication....

When Will the Media Industry Embrace the BORA Principle?

2007-03-22 10:06:00 by Eric Marvets in The Security Samurai
 
...exploitability of the entity once compromised. Many industries have fought BORA, which is akin to fighting gravity. I can think of three this morning, namely the software, credit card, and media industries. It's infuriating to think of all the revenue lost and the exorbitant externalities borne by an unassuming public all because these...

Fuzz Testing at Microsoft and the Triage Process

2007-09-20 18:52:00 by sdl in The Security Development Lifecycle
 
...exploitability of program failures to the upcoming annual security issue of MSDN Magazine in November. To recap, we had a debugging plug-in (mini-debugger) that not only monitored for exceptions but also reduced the number of exceptions to triage after a fuzzing session was completed. This also included monitoring for CPU and memory spikes as...

Vulnerability Events

2008-03-30 17:20:05 by JonesJ in RiskAnalys.is
 
...exploitability. At that instant, the knowledge component of the threat community's capability changed, and their resources likely changed soon after, when exploit code was developed. Vulnerability, not loss. Here's another example prompted by an excellent question posed by Stacy on the layer8.itsecuritygeek blog essentially, how should we...

NULL pointer exploit excites researchers

2008-04-17 00:00:00 by HASH0x8b3cd84 in Network World on Security
 
...exploitability of buffer overflows and introduced techniques that would form the basis of proving that a vulnerability was exploitable (as well as the basis of any number of exploits themselves

Microsoft to predict exploitability of its own bugs

2008-08-05 13:00:00 by Editor in Computerworld Security News
 
In a move toward improving its metrics mojo, Microsoft has announced that as of October, it will rate all new vulnerabilities according to the likelihood that they can actually be exploited. It will also share information with some vendors before everyone else gets patches.

Fun Reading on Security - 6

2008-08-07 18:01:00 by Dr Anton Chuvakin in Anton Chuvakin Blog
 
...Exploitability Index. Smart ... or misguidedly focused on "vulnerability release" (and not creation). Chip-n-PIN, a PCI killer? I don't think so. Mike R revisits "good enough security" - read it, then review your IR plans (...for you will be 0wned). Very fun RSA survey here; data leakage beats malware again, people still not report incidents...

Microsoft to Rate Exploit Potential

2008-08-11 07:30:39 by Editor in Computerworld Security News
 
Microsoft plans to begin rating the potential exploitability of security flaws in its software, based on an assessment of the likelihood that attackers will try to take advantage of them.