Message-Id: <200707192006.l6JK66Xa007191@mail-1.llnl.gov>
Date: Thu, 19 Jul 2007 13:06:08 -0700
From: "Zow" Terry Brugger <zow@...l.gov>
To: Chris Stromblad <cs@...post24.com>
Cc: Gadi Evron <ge@...uxbox.org>, bugtraq@...urityfocus.com
Subject: Re: Internet Explorer 0day exploit
> ideal world. Many of the advisories I look at almost always cover the
> same type of vulnerability. Shouldn't we have learned by now, if we
> consider your argument?
It's been a while, but one of the great things I've seen Bugtraq used for is
to look at the distribution of vulnerabilities. In the past few years, my
perception is that there's been a decline in the number of buffer overflow
attacks and most of what we see today are web attacks like cross-site
scripting and remote file injection. Seeing these trends is important because
it tells us as a community where we need to focus our efforts.
> However, perhaps one/I just need to shift the way I look at advisories.
> Rather than seeing them as "late" and "out-of-date", they could be an
> additional source of information about a particular system. I'll accept
> that.
That too. Let me tell you, if I ever need to set up a web forum for
something, I'm going to look at Bugtraq to see what the track record is for
the systems I'm considering.
> are almost at the verge of being completely void. A remedy for that
> would be to have the security community agree on a common "advisory
> protocol" that defines a guideline for contents in an advisory. Anyways,
Great idea! Much like the RFP vendor notification policy (which I haven't
seen mentioned in a while, so I encourage everyone doing vulnerability
research to see http://www.wiretrip.net/rfp/policy.html). Anyone care to
propose a template (presumably if someone who the community respects does so,
it's more likely to catch on)?
Terry
import standard.disclaimer;