Dr. Jekyll and Mr. Hide (Sun & Disclosure)
Today just happened to be the right day where I saw the Jekyll and “Hide” of Sun though. A few days ago, |)ruid posted about a Solaris ypupdated vulnerability in which he says it corresponds to...
Who's to blame? The hazard of "0-day".
This blog entry is probably worth many pages of ranting, examining and dissecting the anatomy of a 0-day panic and the resulting fallout. Since this tends to happen more often than some of us care to...
The Black Market Code Industry
Adam Penenberg wrote an article titled “The Black Market Code Industry” for FastCompany in which he details his research of two HP employees that actively sold exploit code in their spare time, at...
Who discovered the most vulns?
This is a question OSVDB moderators, CVE staff and countless other VDB maintainers have asked. Today, Gunter Ollmann with IBM X-Force released his research trying to answer this question. Before you...
Vendors & researchers, no more decade old embargo!
Vulnerabilities reported ten years ago, they have no impact on your customers. If they do, then you are woefully behind and your customers are desperately hanging on to legacy products, scared to...
Responsible Disclosure - Old Debate, Fresh Aspects?!
Earlier this evening, there was a Twitter debate regarding a proposed standard for responsible vulnerability disclosure. It referred to ISO/IEC 29147, a proposed standard for responsibly disclosing a...
Microsoft, Aurora and something about forest and trees?
Perhaps it is the fine tequila this evening, but I really don't get how our industry can latch on to the recent 'Aurora' incident and try to take Microsoft to task about it. The amount of news on this...
iDefense VCP as seen through OSVDB
In 2002, iDefense started their Vulnerability Contributor Program. The VCP was created to solicit vulnerability information from the security community and pay researchers for the information. Paying...
Fascinating Vulnerability and Glimpse Into 33 Year Old Pen-Testing
Today, we pushed OSVDB 82447 which covers a backdoor in the Multics Operating System. For those not familiar with this old OS, there is an entire domain covering the fascinating history behind the...
Researcher Security Advisory Writing Guidelines
Researcher Security Advisory Writing Guidelines Open Security Foundation / OSVDB.org moderators at osvdb.org This document has been prepared by the Open Security Foundation (OSF) to assist security...