Message-ID: <449D928E.7050604@brvenik.com>
Date: Sat Jun 24 20:29:28 2006
From: security at brvenik.com (Jason)
Subject: Amazon, MSN vulns and.. Yes, we know! Most sites have vulnerabilities



David Taylor wrote:
> I surely didn't intend for this thread to end up going in the direction it
> did.  I was basically just trying to say I am concerned with the numerous
> advisory/exploit releases on the same day.  No matter what the reason.  And
> perhaps there still isn't a definition of 0-day that everyone agrees on.  I
> basically understand it the way Wikipedia has it listed.
> 

There are several interpretations of 0-day but the basic theme is that
an 0-day is better than a NO-day. For the normal people in the world
that simply want to be able to go to work and make some money it can be
inconvenient. The fact remains that everyone has the ability to respond
in a way that is appropriate once an issue is known. Not disclosing the
issue, even if the vendor has patched it, does not help. The entities
that intend on exploiting vulnerabilities are fully capable of reversing
a patch and discovering the vulnerability.

In days past a vulnerability may have gone completely unnoticed and
patched in due time as a bug; the vulnerability still existed. I would
argue that the number of vulnerabilities discovered has not really
increased but awareness certainly has. The composition of vulnerability
disclosures has also changed but the overall number when compared to
impact is not significantly different.
