Month: March 2014

The Death and Re-birth of the Full-Disclosure Mail List

[This was originally published on the OSVDB blog.] After John Cartwright abruptly announced the closure of the Full Disclosure mail list, there was a lot of speculation as to why. I mailed John Cartwright the day after and asked some general questions. In so many words he indicated it was essentially the emotional wear and…

March 26, 2014
Missing Perspective on the Closure of the Full-Disclosure Mail List

[This was originally published on the OSVDB blog.] This morning I woke to the news that the Full-Disclosure mail list was closing its doors. Assuming this is not a hoax (dangerously close to April 1st) and not spoofed mail that somehow got through, there seems to be perspective missing on the importance of this event.…

March 19, 2014
Reviewing the Secunia 2013 Vulnerability Review

[This was originally published on the OSVDB blog.] On February 26, Secunia released their annual vulnerability report (link to report PDF) summarizing the computer security vulnerabilities they had cataloged over the 2013 calendar year. For those not familiar with their vulnerability database (VDB), we consider them a ‘specialty’ VDB rather than a ‘comprehensive’ VDB (e.g.…

March 18, 2014
Unknown Vulnerabilities

[This was originally published on the OSVDB blog.] One thing that we emphasize when talking about our database is what it really represents. While we catalog tens of thousands of vulnerabilities more than any other database, we are also upfront that there are still thousands, possibly tens of thousands more vulnerabilities that are already public,…

March 6, 2014