Tag: bug bounty
-
Patching is important even when it only shows the maturity of your security process
Sometimes a Tweet says more than a 50-minute conference presentation: Bad TLS as an externally measurable metric for whether an organisation has a mature security process, sure. But it aint getting ya no shell. — Metlstorm (@Metlstorm) September 4, 2017 This Tweet by Adam Boileau (best known outside New Zealand as the co-host of the…
-
Patching is important even when it only shows the maturity of your security process
Sometimes a Tweet says more than a 50-minute conference presentation: Bad TLS as an externally measurable metric for whether an organisation has a mature security process, sure. But it aint getting ya no shell. — Metlstorm (@Metlstorm) September 4, 2017 This Tweet by Adam Boileau (best known outside New Zealand as the co-host of the…
-
Security vendors should embrace those hunting bugs in their products
Security software is software too — and it will have flaws. Last week, I was interviewed for the Risky Business podcast . I really enjoyed the experience, not just because I’ve long been a fan of the show, but also because we discussed a subject I really care about: the security of security products. If…
-
VB2014 preview: keynote and closing panel
Vulnerability disclosure one of the hottest issues in security. In the proceedings of the 24th Virus Bulletin conference , the words ‘vulnerabilty’ and ‘vulnerabilities’ occur more than 200 times. I think there is no better way to demonstrate how important a topic this is. Some approach vulnerabilities from a purely defensive point of view: how…
-
Good and bad news for victims of targeted attacks against Microsoft products
Bug bounty program extended; TIFF zero-day used in the wild. This week, Microsoft has good news and bad news for those targeted by zero-day exploits in its products. The bad news is that a new zero-day exploit has been discovered in a graphics library that is used by Office 2010 . To exploit the vulnerability,…