Tag: Secunia
-
Reviewing the Secunia 2015 Vulnerability Review (A Redux)
It’s that time of year again! Vulnerability databases whip up reports touting statistics and observations based on their last year of collecting data. It’s understandable, especially for a commercial database, to show why your data source is the best. In the past, we haven’t had a strong desire to whip up a flashy PDF with…
-
Reviewing the Secunia 2013 Vulnerability Review
[This was originally published on the OSVDB blog.] On February 26, Secunia released their annual vulnerability report (link to report PDF) summarizing the computer security vulnerabilities they had cataloged over the 2013 calendar year. For those not familiar with their vulnerability database (VDB), we consider them a ‘specialty’ VDB rather than a ‘comprehensive’ VDB (e.g.…
-
VDB Relationships (Hugs and Bugs!)
[This was originally published on the OSVDB blog.] Like any circle in any industry, having good professional relationships can be valuable to involved parties. In the world of security, more specifically Vulnerability Databases (VDBs), the relationships we maintain benefit the community behind the scenes. Like ogres and onions, there are layers. Someone from CVE and…
-
Vulnerability Counts and OSVDB Advocacy
[This was originally published on the OSVDB blog.] CVE just announced reaching 30,000 identifiers which is a pretty scary thing. CVE staff have a good eye for catching vulnerabilities from sources away from the mainstream (e.g. bugtraq) and they have the advantage of being a very widely accepted standard for tracking vulnerabilities. As companies and…
-
2007 Black Hat / DEF CON
Tuesday, July 31st, 2007 – Black Hat – Day 1 Flight was uneventful. McCarran has a new car rental complex a ways from the airport. Leaving the complex dumps you directly on the strip, how convenient! I imagine someone on the tourism board is happy with themselves. Rented from Hertz as usual. While I did…
-
The Upside to the Provenance Problem
[This was originally published on the OSVDB blog.] As mentioned before, Christey of CVE mentions an ongoing problem in the vulnerability world is that of “provenance”, meaning “where the hell did that come from?!” Vulnerability Databases (VDB’s) like CVE and OSVDB are big on provenance. We want to know exactly where the information came from…
-
Mac vs Windows – More “Statistics”
[This was originally published by the OSVDB blog.] Yet another article comparing Mac vs Windows, and using statistics to back it up. Since this is getting to be a common occurrence, I won’t go into the usual lecture about statistics, how they can easily be manipulated to back any argument (including how VAX/VMS is the…
-
A Word on Solutions (Use Another Product)
[This was originally published on the OSVDB blog.] Something led you to the product that ended up on your systems. Be it a feature, a look, ease of use, or price, it was a driving force in your decision. Changing to a different product isn’t easily done, especially if your current solution is heavily integrated…
-
A Word on Solutions (Edit Source Code)
[This was originally published on the OSVDB blog.] Oftentimes you will see a VDB or researcher disclosure offer the solution “Edit the source code to ensure that input is properly sanitised.” I’ve never been fond of this for several reasons. First and probably the most obvious, duh? If I proclaim “send food to the…
-
Vulnerability One Trick Pony?
[This was originally published on the OSVDB blog.] I know the title of this may seem to be a slight on the researchers I will use as examples, but that is not the case at all. Some people in the security community have a perception that some vulnerability researchers are so-called “one trick ponies”, meaning…