[Previous entry: "Some updated links on my Oracle security papers page"] [Next entry: "reading redo logs - The hard way"]
Frank has a good post about security vulnerability reporting
April 25th, 2005 by Pete
Post to del.icio.us
Post to Furl
I saw Franks post about vulnerability reporting last week and made a note to and read it when i had a chance. That chance came this evening. Franks post is titled "General security: Security Vulnerability reporting". This post by Frank is very interesting and is based around an article "Security Vendor Pushes the Limits of Ethical Exploit Reporting" written on DevX.com about a company called HexView.
As Frank says this paper is about HexViews policy of disclosing about a vulnerability (an MS Access issue in this case) 24 hours after it was reported to the vendor. Frank grows on to give some great insights based on the recent OWASP conference in London that he attended recently, particularly a keynote on terrorism he heard there. Frank talks in detail about the risks involved in reporting vulnerabilities, writing about them in public forums, writing further about exploits and explaining how they work.
There are some great insights and thoughts in this post. Read it!
