Plenty of Vulnerabilities to go Around

By ServerWatch Staff
Posted Jan 15, 2010


Evgeny Legerov, founder of Intevydis, plans to release a list of vulnerabilities and working exploits in a number of commercial software products. According to a report on Krebs on Security, the list includes Web servers such as Zeus Web Server and Sun Web Server.


Moscow-based security firm Intevydis plans to release information about a number of previously undocumented vulnerabilities in Web servers, databases, and other software products.

At issue is the pesky ethical and practical question of whether airing a software vendor's dirty laundry (the un-patched security flaws that they know about but haven't fixed yet) forces the affected vendor to fix the problem faster than it would have had the problem remained a relative secret. There are plenty of examples that show this so-called "full disclosure" approach does in fact prompt vendors to issue patches faster than when privately notified by the researcher and permitted to research and fix the problem on their own schedule. But in this case, Legerov said he has had no contact with the vendors, save for Zeus.com, which he said is likely to ship an update to fix the bug on the day he details the flaw.

Read the Full Story at Krebs on Security
