Panel Probes the Half-life of Bugs
Kevin Poulsen, SecurityFocus 2003-07-30

LAS VEGAS--Software security holes never die, they fade from the Internet at a rate of 50% every thirty days after a patch is released, according to the results of a study released at the Black Hat Briefings security conference here Wednesday.

Panel Probes the Half-life of Bugs 2003-07-31
Anonymous (1 replies)
"The guidelines would give vendors at least 30 days to produce a patch for a vulnerability before a bug-finder goes public with it. The bug-finders would then withhold exploit code and technical details for another 30 days after the advisory.

"

When a bug is published, within a few days to a wee...

Panel Probes the Half-life of Bugs 2003-07-31
Anonymous
Now Now...

LSD *DID* alert Microsoft prior to releasing the details of the bug. They had exploit code but withheld it. *ANOTHER* group crafted the exploit code and released it.

It's *BECAUSE* LSD held back on publicly releasing the details of the bug that Microsoft was able to have a patch o...

Panel Probes the Half-life of Bugs 2003-08-01
Anonymous
I think it is sad that the public notification wasn't more widespread and noted as a very serious and real threat, as I outlined here ... http://nothackers.org/pipermail/0day/2003-July/000143.html

And the current MSNBC story was practically lifted from my forensics report at http://exploit.wox.org/...

Panel Probes the Half-life of Bugs 2003-08-02
comp-secure (at) iservhost.com (dot) au [email concealed]
I think that Microsoft have overlooked their operating systems source code too much not to notice such a huge bug in their packages.

Source code to exploits should not be released at all, companies suffer too much already with all the current and old vulnerabilities that have been released.

N...

Panel Probes the Half-life of Bugs 2003-08-06
Anonymous
My reaction to the opening statement, "Software security holes never die, they fade from the Internet at a rate of 50% every thirty days after a patch is released" is

Did they include CodeRed and Nimda?

I find a very consistent % of blocked attempts in my web logs of these exploits. Granted,...

Copyright 2009, SecurityFocus