[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-Disclosure] Re: SecurityLab report: The Top 10 Most Critical Vulnerabilities in June 2004
- To: Alexander <pigrelax@xxxxxxxxx>
- Subject: [Full-Disclosure] Re: SecurityLab report: The Top 10 Most Critical Vulnerabilities in June 2004
- From: Michal Zalewski <lcamtuf@xxxxxxxxxxx>
- Date: Thu, 1 Jul 2004 21:06:26 +0200 (CEST)
On Wed, 30 Jun 2004, Alexander wrote:
> SecurityLab report: The Top 10 Most Critical Vulnerabilities in June
> 2004
What is the point of posting such a list, though? I think it's flawed.
Are you preparing it so that system administrators know what is the
biggest threat, and what to patch immediately? If so, you should include
many of the flaws from past months that, for some reason, are now in the
spotlight... but you keep the list limited to current month.
Should I fix those issues immediately? If so, it would be extremely unwise
to rely on a monthly posting when the disclosure-to-exploit cycle is. So
maybe it's just a summary of what important issues I might have overlooked
when relying on other sources?
But if so, what if there were 15 important remote root flaws one month? By
constraining your list to ten items, in slow months many of the
vulnerabilities won't be nearly as relevant, whereas on some occassions,
some items will be left out.
Now, if you want to make a useful list, you should post a bi-weekly "hot
issue" watch list for those of us who missed all the CERT alerts and
advisories - that is, in my opinion.
--
------------------------- bash$ :(){ :|:&};: --
Michal Zalewski * [http://lcamtuf.coredump.cx]
Did you know that clones never use mirrors?
--------------------------- 2004-07-01 20:57 --
http://lcamtuf.coredump.cx/photo/current/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html