Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
The value of vulnerabilities
Jason Miller, 2006-03-07

There is value in finding vulnerabilities. Yet many people believe that a vulnerability doesn't exist until it is disclosed to the public. We know that vulnerabilities need to be disclosed, but what role do vendors have to make these issues public?

Comments Mode:
The value of vulnerabilities 2006-03-07
Anonymous (4 replies)
Re: The value of vulnerabilities 2006-03-08
infamous41md
Re: The value of vulnerabilities 2006-03-08
Anonymous
Re: The value of vulnerabilities 2006-03-08
Dancho Danchev
Re: The value of vulnerabilities 2006-03-17
Anonymous
Another viewpoint - The value of vulnerabilities 2006-03-08
Robert E. Lee
The value of vulnerabilities 2006-03-08
Matthew Murphy (1 replies)
Re: The value of vulnerabilities 2006-03-13
John Smith
The value of vulnerabilities 2006-03-08
Anonymous (1 replies)
Re: The value of vulnerabilities 2006-03-13
hi2005
The value of vulnerabilities 2006-03-08
Omar A. Herrera (2 replies)
Re:Good Points 2006-03-08
R_U_Trustified (2 replies)
Re: Re:Good Points 2006-03-09
infamous41md
Re: Re:Good Points 2006-03-09
Matthew Murphy (1 replies)
Re: Re: Re:Good Points 2006-03-14
Robert E. Lee (1 replies)
> A "trusted" operating system in the absolute sense is a theoretical concept. It simply does not exist.

They do exist with varried degrees of assurance that they provide the security mechanisms called for in their design and deployment.

Read the following links for more information:
http://www.commoncriteriaportal.org/public/files/epfiles/CRP
170v3.pdf
http://www.commoncriteriaportal.org/public/files/epfiles/TSo
laris8_Issue3.1.pdf

http://www.commoncriteriaportal.org/public/files/epfiles/ST_
VID4025-VR.pdf
http://www.commoncriteriaportal.org/public/files/epfiles/CCE
VS_VID402-ST.pdf

The 1st two links talk about the security mechanisms Trusted Solaris attempt to provide. It also shows the level of assurance that it provides for. The 2nd two links shows the same type of information for windows 2003.

It's not just theory =).

Robert E. Lee
Dyad Security

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/391/33313#33313
Re: Re: Re: Re:Good Points 2006-03-15
Matthew Murphy (1 replies)
Re: Re: Re: Re: Re:Good Points 2006-03-17
Anonymous
Re: The value of vulnerabilities 2006-03-13
hi2005
The value of vulnerabilities 2006-03-10
Max (1 replies)
Re: The value of vulnerabilities 2006-03-14
Robert E. Lee
Responsible disclosure 2006-03-13
Anonymous (1 replies)
Re: Responsible disclosure 2006-03-14
Robert E. Lee
The value of vulnerabilities 2006-03-16
C. Winchester
What Value? 2006-03-17
Anonymous (2 replies)
Re: What Value? 2006-03-20
infamous41md
Re: What Value? 2006-03-28
Anonymous







 

Privacy Statement
Copyright 2009, SecurityFocus