SEARCH RESULTS
 
Showing 1-10 of 241 records
 
Measuring Vulnerability

2008-04-14 14:31:38 by JonesJ in RiskAnalys.is
...vulnerability Apologies in advance, for the length of this post. In a perfect world we'd know which specific threat agent was going to act against us and know the capability of that threat agent in absolute terms (e.g., pounds per square inch), as well as know (through testing) what our resistance capabilities are in those same absolute terms....
 
 
 
 
 
Vulnerability Events

2008-03-30 17:20:05 by JonesJ in RiskAnalys.is
 
...vulnerability is discovered in (for example) an operating system, does that mean the system was vulnerable all along? As I see it, the answer is No. The rationale behind this answer is based on the fact that weakness (a.k.a. vulnerability) is a relative term. Logically, a relative term requires at least two components, one relative to another....
 
 
 
 
 
The Ethics of Vulnerability Research

2008-05-14 11:29:45 by schneier in Schneier on Security
 
...vulnerability in a software program on it. This was true in the 1960s when buffer overflows were first exploited to attack computers. It was true in 1988 when the Morris worm exploited a Unix vulnerability to attack computers on the Internet, and it's still how most modern malware works. Vulnerabilities are software mistakes--mistakes in...
 
 
 
 
 
Cost of vulnerability

2007-03-05 21:19:05 by RaviC in Musings on Information Security
 
...vulnerability in his code where a hacker could easily hijack a user session. I set up a demo scenario for this and walked up to his office to bring this to his attention. His response to my discovery was more amazing than the vulnerability itself. He thumped his clenched fist on the table and averred "My code is bullet proof". By his immature...
 
 
 
 
 
Vulnerability Management - Yeah Baby, Groovy!

2008-03-21 14:02:49 by HASH0x8b46e44 in StillSecure, After All These Years
...Vulnerability Management Tools. I felt like I had been in suspended animation for years and just woke up. I have not seen an article on vulnerability management in forever and ever. There was nothing earth shattering in this article. Meat and potatoes VM. That is vulnerability management, not virtual machines. The fact that VM is more...
 
 
 
 
 
Vulnerability Management - Yeah Baby, Groovy!

2008-03-21 15:02:49 by ashimmy in StillSecure, After All These Years
...Vulnerability Management Tools. I felt like I had been in suspended animation for years and just woke up. I have not seen an article on vulnerability management in forever and ever. There was nothing earth shattering in this article. Meat and potatoes VM. That is vulnerability management, not virtual machines. The fact that VM is more...
 
 
 
 
 
SQL Server - Fact Checking Recent Vulnerability History

2008-03-05 22:53:36 by jrjones in Jeff Jones Security Blog
 
...Vulnerability Database (NVD) http://nvd.nist.gov for "Microsoft" and "SQL" and found only three issues disclosed since July 2003 (only 3 in the 4.5 years). It turns out only one of them may be attributed to SQL and even then, it is a client side control CVE-2004-1560. This one was disclosed in Sep-04 and only affected SQL Server 7...
 
 
 
 
 
Risk vs Vulnerability

2007-12-18 17:51:44 by Chris Wysopal in Zero in a bit
 
...vulnerability counts. Anything comparing the security of these two companies becomes controversial. I think that any analysis of vulnerability counts should include a paragraph on risk vs. vulnerabilities to diffuse the Mac fanboys. I might be able to leave my backdoor safely unlocked (a vulnerability) in the suburbs of Boston in Concord, MA....
 
 
 
 
 
More thoughts on vulnerability

2008-04-07 13:34:01 by JonesJ in RiskAnalys.is
 
...vulnerability as if it's a binary condition. Something is vulnerable or it's not. But whether we realize it or not, what we're really doing when we say that something is or isn't vulnerable, is making unstated assumptions and generalizations about threat capability relative to the control in question. Of course, some folks insist that we have to...
 
 
 
 
 
Webcast: Web Application Vulnerability Management with Core Security

2008-03-24 22:43:23 by rmogull in securosis.com
 
...Vulnerability Management Program with Core Security, the makers of Core Impact. That's right folks, I actually know about something other than information-centric security and Macs. This is going to be a bit of a different one designed to walk the line between the tactical and the strategic. I'm going to start by talking about the major web...