SEARCH RESULTS
 
Showing 1-10 of 490 records
 
Expand article

Vulnerabilities in Antivirus Software - Conflict of Interest

The Article has images
2008-07-24 04:38:07 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
Vulnerabilities within security solutions -- antivirus software in this case -- are a natural event, however, the conflict of interests and failure of communication between those finding them and those failing to acknowledge them as vulnerabilities in general, harms the customer. How they get count, and how is their severity measured in a...
 
Tags: vulnerabilities, day vulnerabilities, security vulnerabilities, antivirus software, day vulnerabilities auction, software vulnerabilities, products, runs claims, security products
 
 
 
 
Expand article

The Economics of Finding and Fixing Vulnerabilities in Distributed Systems

2008-11-18 22:47:55 by Gunnar Peterson in 1 Raindrop
 
...Vulnerabilities in Distributed Systems Quality of Protection Keynote Alexandria, VA October 27. 2008 Gunnar Peterson Managing Principal, Arctec Group Blog: http://1raindrop.typepad.com When Andy Ozment asked me over the summer to do this talk at QoP, I knew back in August that the topic I wanted to address was security and economics. So to...
 
Tags: information security, information, information security spends, safety information security, versus information security, information security budgets, information security budget, software security, software security space
 
 
 
 
Expand article

Recent Symantec and IBM vulnerabilities, giblets, banned APIs and the SDL

2008-01-04 23:37:00 by sdl in The Security Development Lifecycle
 
...vulnerabilities in various Symantec email security products. The bugs caught my eye for a number of reasons First and foremost, security bugs in security products are always of great interest and concern to me, because customers use security technology to defend themselves from attack Second, I like to analyze security vulnerabilities in...
 
Tags: linker sdl requirements, sdl requirements, ibm, sdl, requirements, symantec, bugs affect ibm, bugs, sdl refers
 
 
 
 
Expand article

Getting vulnerabilities in the application fixed

2007-10-27 13:20:07 by RaviC in Musings on Information Security
 
...vulnerabilities that is detected in the application Let us accept the fact that developers are mostly busy focusing their time and effort on the functionality of application. Most of the time the software development manager gets away by using the busy excuse. One approach that I suggest you could is to rank the vulnerabilities based on...
 
Tags: vulnerabilities, software development manager, vulnerabilities based, risk acceptance form, risk, severitythreat vulnerabilities, form, form acknowledge, application
 
 
 
 
Expand article

Download: H1 2008 Desktop OS Vendor Report - Vulnerabilities and Days-of-Risk

2008-10-27 07:00:00 by jrjones in Jeff Jones Security Blog
 
...vulnerabilities fixed by Apple, Microsoft, Red Hat and Ubuntu during the first half of 2008. At the vendor level, the report examines all vulnerabilities as well as Days of Risk (DoR) associated with those vulnerabilities. The report further drills down to examine just those issues affecting the commonly installed desktop operating system...
 
Tags: vulnerabilities, vulnerabilities fixed, report, windows vista customers, windows vista, fixed, days, windows, average days
 
 
 
 
Expand article

Blue Box #74: 2008 Crystal Ball Edition, Asterisk and Trixbox vulnerabilities, top 10 lists, VoIP security trends for 2008 and more....

2008-01-08 16:42:40 by HASH0x8940138 in Blue Box: The VoIP Security Podcast
 
...vulnerabilities, top 10 lists, VoIP security trends for 2008 and more Welcome to Blue Box: The VoIP Security Podcast #74, a 44-minute podcast from Dan York and Jonathan Zar covering VoIP security news, comments and opinions Download the show here (MP3, 20MB) or subscribe to the RSS feed to download the show automatically You may also listen...
 
Tags: trends, vulnerabilities, voip security trends, security, trixbox vulnerabilities, voip vulnerabilities, listener comment line, comment line, top
 
 
 
 
Expand article

Blue Box #74: 2008 Crystal Ball Edition, Asterisk and Trixbox vulnerabilities, top 10 lists, VoIP security trends for 2008 and more....

2008-01-08 17:42:39 by Dan York in Blue Box: The VoIP Security Podcast
 
...vulnerabilities, top 10 lists, VoIP security trends for 2008 and more Welcome to Blue Box: The VoIP Security Podcast #74, a 44-minute podcast from Dan York and Jonathan Zar covering VoIP security news, comments and opinions Download the show here (MP3, 20MB) or subscribe to the RSS feed to download the show automatically You may also listen...
 
Tags: trends, vulnerabilities, voip security trends, security, trixbox vulnerabilities, voip vulnerabilities, listener comment line, comment line, top
 
 
 
 
Expand article

Vulnerabilities and Office Versions

2008-12-01 07:19:33 by Editor in Cheap Hack
 
...vulnerabilities have made has been in Microsoft Office. Some of the great attacks of all time (remember LoveLetter?) have been through Office bugs, and I believe most targeted attacks over the last few years have utilized vulnerabilities in Office document parsers. That's why it's encouraging that Microsoft has done a much better job in...
 
Tags: office versions, office, microsoft office, versions, office secure, office bugs, vulnerabilities, office document parsers, accompany office
 
 
 
 
Expand article

What If All Vulnerabilities Had This Disclosure Timeline?

2008-02-07 02:08:33 by Chris Wysopal in Zero in a bit
 
...vulnerabilities in its shipping products. Still, the first disclosure time line is troubling Gleg knew how to reproduce this problem at least a month before yet they didnt tell the vendor, just their customers. Its unclear what benefit Glegs customers get from the vendor not knowing this information unless they use this information to...
 
Tags: vulnerability finders, vulnerability, vulnerability exists, heap overflow vulnerability, gleg realplayer vulnerability, gleg customer, customer, gleg, exploit code