Patches pose significant risk, researchers say

Patches pose significant risk, researchers say
Robert Lemos, SecurityFocus 2008-04-23

A group of four computer scientists urged Microsoft to redesign the way it distributes patches, after they created a technique that automatically produces attack code by comparing the vulnerable and repaired versions of a program.

Expand all | Post comment

Patches pose significant risk, researchers say 2008-04-24
Anonymous (1 replies)

Re: Patches pose significant risk, researchers say 2008-05-05
Anonymous

Huh 2008-04-24
Anonymous (7 replies)

Re: Huh 2008-04-24
Anonymous

Re: Huh 2008-04-25
Anonymous

Re: Huh 2008-04-25
Robert Lemos

First, I will admit the wording is a bit strange, so it will be fixed.

However, there are three cases:

1) the flaw is exploited before the patch is released,

2) the flaw is exploited after the patch is released, and

3) the flaw is not exploited at all.

The original statement is just saying that 1/3 of flaws belong to case (1) and (2), and the rest are not exploited.

-R

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/11514/35059#35059

Patches pose significant risk, researchers say 2008-04-24
Anonymous

On the recommendations for Microsoft... 2008-04-25
Mohit

Patches pose significant risk, researchers say 2008-04-27
Anonymous

Found something new to blame Microsoft for? 2008-04-28
Gordon Fecyk

Patches pose significant risk, researchers say 2008-05-01
Anonymous