Security researchers at the Zero-Day Initiative recently revealed a critical vulnerability affecting Internet Explorer 8. ZDI members say they decided to publicly disclose the bug because they privately disclosed it to Microsoft over 180 days ago.
When does public disclosure of security vulnerabilities make sense?
Listen to episode 148 of our Security Slice podcast and hear Craig Young, Lamar Bailey and Tyler Reguly discuss why public disclosure of vulnerabilities should be a last resort, how following responsible disclosure processes differs between large and small technology organizations, and why keeping communication channels open during the disclosure process can make a significant difference in public disclosure decisions.