Month: January 2015

  • 2013 Superdome Outage a Hack? The Value of Post-Incident Investigations.

    [This was originally published on the OSVDB blog.] As we approach the pinnacle of U.S. sportsball, I am reminded of the complete scandal from a past Superbowl. No, not the obviously-setup wardrobe malfunction scandal. No, not the one where we might have been subjected to a pre-recorded half-time show. The one in 2013 where hackers…

  • We’re “critical”, not “immature”.

    [This was originally published on the OSVDB blog.] Recently, we got feedback via Twitter that we come across as “immature”. On the surface, perhaps. Not all of our Tweets are critical of CVE though. I replied pretty quickly that said criticism is also us “pushing for them to improve since so much of the industry…

  • An Analysis of Google’s Project Zero and Alleged Vendor Bias

    [This was originally published on RiskBasedSecurity.com.] Google announced a new initiative called Project Zero. The basic premise of the project was that Google invests heavily in their own security and had for quite some time been also tasking their researchers part time work on improving the security of other high-profile products. Project Zero is Google’s…

  • SQLi Disclosures and the Last Five Years (Transparent Statistics)

    [This was originally published on the OSVDB blog.] Nothing like waking up to a new article purporting to show vulnerability statistics and having someone ask us for comment. But hey, we love giving additional perspective on such statistics since they are often without proper context and disclaimers. This morning, the new article comes from Help…

  • Microsoft’s latest plea for CVD is as much propaganda as sincere.

    [This was originally published on the OSVDB blog.] Earlier today, Chris Betz, senior director of the Microsoft Security Response Center (MSRC), posted a blog calling for “better coordinated vulnerability disclosure”. Before I begin a rebuttal of sorts, let me be absolutely clear. The entire OSVDB team is very impressed with Microsoft’s transition over the last…