Tag: Steven Christey
-
If You Can’t, How Can We?
[This was originally published on the OSVDB blog.] Steve Christey of CVE recently posted that trying to keep up with Linux Kernel issues was getting to be a burden. Issues that may or may not be security related, even Kernel developers don’t fully know. While this is a good example of the issues VDBs face,…
-
Coffee makers are SCADA, right?!
[This was originally published on the OSVDB blog.] Steven Christey of CVE posted asking a question about VDBs and the inclusion of coffee makers. Yes, you read that correctly, vulnerabilities are being found in coffee makers that are network accessible. Don’t be surprised, we all knew the day was coming when every household appliance would…
-
2007 Black Hat / DEF CON
Tuesday, July 31st, 2007 – Black Hat – Day 1 Flight was uneventful. McCarran has a new car rental complex a ways from the airport. Leaving the complex dumps you directly on the strip, how convenient! I imagine someone on the tourism board is happy with themselves. Rented from Hertz as usual. While I did…
-
Not Local.. Not Remote..
[This was originally published on the OSVDB blog.] Several of us working on VDBs have debated over the years how best to handle vulnerabilities that aren’t necessarily remote or local. Issues like image or archive handling vulnerabilities, where the program processing a malformed file is prone to an overflow, traversal or denial of service. While…
-
The Perfect Patch Storm
[This was originally published on the OSVDB blog.] Steven Christey of CVE recently commented on the fact that Microsoft, Adobe, Cisco, Sun and HP all released multi-issue advisories on the same day (Feb 13). My first reaction was to come up with an amusing graphic depicting this perfect storm. Due to not having any graphic…
-
CVE Commentary
[This was originally published on the OSVDB blog.] http://cve.mitre.org/cve/edcommentary.html#community_issues CVE editor Steven Christey has begun to post commentary related to CVE and VDBs. [2013-07-07 Update: This effort didn’t last long. The last update was 2006-02-16, 4 days after this blog post. =(]
-
The Upside to the Provenance Problem
[This was originally published on the OSVDB blog.] As mentioned before, Christey of CVE mentions an ongoing problem in the vulnerability world is that of “provenance”, meaning “where the hell did that come from?!” Vulnerability Databases (VDBs) like CVE and OSVDB are big on provenance. We want to know exactly where the information came from…
-
Vulnerability History
[This was originally published on the OSVDB blog.] Steven Christey (CVE) recently posted about vulnerability history and complexity. The recent sendmail vulnerability has brought up discussion about both topics and adds another interesting piece of history to the venerable sendmail package. One point to walk away with is that while sendmail has a long history…
-
For Sale: VDB
[This was originally published on the OSVDB blog.] Jason Bergen posted to Full-Disclosure trying to sell a “Security Vulnerability Database Company”. From that mail: The company maintains a database of all security vulnerabilities, and the database is updated on a daily basis. The company may be of interest to organisations who are currently licensing a vulnerability…
-
State of vulnerability research?
[This was originally published on the OSVDB blog.] Steve Christey of CVE has posted to several lists asking What is the state of vulnerability research? Before you dismiss the question, give it serious thought for a few minutes. Have any ideas, opinions or concerns about where vuln research is heading? Where it should be? Drop…