Tag: IBM
-
Rest In Peace IBM X-Force Vulnerability Database

Within the vulnerability ecosystem, the CVE project / vulnerability database is certainly the most well-known. Over the past 30 years many others have come and gone, and others are still around. Some of you will recognize SecurityFocus BID, Open Sourced Vulnerability Database (OSVDB), Secunia, VulnDB, OSV, and others. Started in 1997, there is another that…
-
Reporting on the IBM 2025 Report

On April 16, 2025, IBM posted their X-Force 2025 Threat Intelligence Index. Like many reports of this nature, it covers a wide variety of aspects relating to threat intelligence. Of course, one of those aspects is vulnerability intelligence and this report has a section for that. You are reading this so you can guess where…
-
IBM Has Failed Its Customers

[I took these notes between 2013 – 2014 primarily, about all the frustrations with IBM and their vulnerability disclosures. They have improved in many ways since then, to be sure. But there are still frustrations around how they refer to e.g. ‘Fix pack’, product naming confusion, and more. Since these notes, IBM has rebranded entire…
-
VDB Relationships (Hugs and Bugs!)
[This was originally published on the OSVDB blog.] Like any circle in any industry, having good professional relationships can be valuable to involved parties. In the world of security, more specifically Vulnerability Databases (VDBs), the relationships we maintain benefit the community behind the scenes. Like ogres and onions, there are layers. Someone from CVE and…
-
Dr. Jekyll and Mr. Hide (Sun & Disclosure)
[This was originally published on the OSVDB blog.] Today just happened to be the right day where I saw the Jekyll and “Hide” of Sun though. A few days ago, |)ruid posted about a Solaris ypupdated vulnerability in which he says it corresponds to CVE-1999-0208 / OSVDB 11517. Given the original vulnerability was published in…
-
The Purpose of Tracking Numbers.. (IBM)
[This was originally published on the OSVDB blog.] First it was HP, then it was Sun. Not to be outdone, IBM steps up and gives VDBs a headache. APAR IZ00988 is “sysrouted” to APAR IZ01121 and APAR IZ01122. Really IBM, the amount of information common to all three pages is overwhelming. Do you really need…
-
2007 Top Vulnerable Vendors?
[This was originally published on the OSVDB blog.] http://www.eweek.com/article2/0,1895,2184206,00.asp http://www.eweek.com/c/a/Security/Report-MS-Apple-Oracle-Are-Top-Vulnerable-Vendors/ New IBM research shows that five vendors are responsible for 12.6 percent of all disclosed vulnerabilities. Not surprising: In the first half of 2007, Microsoft was the top vendor when it came to publicly disclosed vulnerabilities. Likely surprising to some: Apple got second place. IBM Internet…
-
Why I’m So Behind
[This was originally published on the OSVDB blog.] Another night of working on OSVDB, mainly focusing on vulnerability import and creating our entries to cover issues. Most nights end with between 25 and 50 new entries and a feeling of accomplishment. Well, other manglers can see the accomplishment if they check the back end, and…
-
Should you spy on your employees?
[This was originally published on IBM Developer Works.] Should you spy on your employees? Why, when, and how to electronically monitor your staff. Brian Martin, DSIC Security Group, February 2001. If you run a warehouse, you can spot pilfering by the number of empty boxes, or perhaps by noticing that employees are walking out with TV sets on…
-
Securing your network; Your startup’s survival depends on it
[This was originally published on IBM Developer Works and is mirrored on attrition.org.] Collecting customer demographics is good, and collecting payments online is good. But it isn’t good if this information is stolen from your company’s computers. Brian Martin examines how — and how often — this really happens, and what you can do to…