Date: Wed, 24 Nov 2010 01:59:52 +0100
From: "ACROS Security Lists" <lists@...os.si>
To: <bugtraq@...urityfocus.com>, <full-disclosure@...ts.grok.org.uk>, <cert@...t.org>, <si-cert@...es.si>
Subject: The Unbearable Lightness Of Non-Fixing: A Short Study in Security Reactiveness And Proactiveness

Roughly 100 days after the Binary Planting (a.k.a. DLL hijacking, DLL preloading, Insecure Library Loading) vulnerability has been (re)discovered in hundreds of Windows applications (and likely undiscovered in thousands more), we've taken a unique opportunity to compare software vendors' fixing of publicly known vulnerabilities to their fixing of publicly unknown ones.

We hope our short study will provide the research community with a bit of insight into the elusive world of "unknown unknowns" that is *actual* security.

http://blog.acrossecurity.com/2010/11/unbearable-lightness-of-non-fixing.html

Pleasant reading,

Mitja Kolsek
CEO&CTO

ACROS, d.o.o.
Makedonska ulica 113
SI - 2000 Maribor, Slovenia
tel: +386 2 3000 280
fax: +386 2 3000 282
web: http://www.acrossecurity.com

ACROS Security: Finding Your Digital Vulnerabilities Before Others Do