CERT Reports the # of Security flaws in 2005

December 31, 2005

Security Fix – Brian Krebs on Computer and Internet Security – (washingtonpost.com)


Okay, so this article is discussing security flaws published by CERT: 812 for Windows and 2000+ for Unix/Linux. First of all, you shouldn’t be lumping all *nix bugs together; I’d like to see the breakdown by individual OS and also see what percentage of those bugs are found in multiple systems (i.e. security bugs found in multiple flavors of Linux because of the shared code vs. bugs introduced only into that version’s code). Working in security myself (mostly application security, for the ACE Team), I have to say that this is basically useless information. Why? Because security bugs are wide and varied, with different degrees of severity, exploitability and reproducibility (btw: is that a word?).

For example, we log lots of low-severity bugs (we have basically 5 severity levels) but only require the high-severity bugs to be fixed. Why? Because only those bugs can be exploited in some way. What’s a low-severity, non-exploitable bug, you say? One that doesn’t follow best practice, or goes against the doctrine of defense in depth. More on that in another post. My point being that security is not a cut and dried, black and white “812 flaws, 2000+ flaws” type of deal; each bug has its own merits and severity, resulting in a variety of actions.
