Vulnerability Life Cycles

    Date26 Nov 2001
    3804
    Posted ByAnthony Pell
    The vulnerability life cycle has three phases: the research/discovery phase -- in which both malicious and nonmalicious security researchers seek new holes in products; the disclosure phase -- in which the discoverer of the new vulnerability tells others about it; and . . . The vulnerability life cycle has three phases: the research/discovery phase -- in which both malicious and nonmalicious security researchers seek new holes in products; the disclosure phase -- in which the discoverer of the new vulnerability tells others about it; and the exploitation phase -- in which the specifics of bug information are incorporated into a program designed to take advantage of the vulnerability.

    Trace Unix exploit code in the late 1980s and early 1990s and you'll find that vulnerability information and exploit code commonly circulated in the underground long before they made their way to FIRST, CERT or Bugtraq circles. Attackers used this knowledge as trump cards: Even if your Unix machine patches were up to date, you obviously had no patch for unknown holes. These vulnerabilities still exist today, leaving many systems in a "pants-down" state. This phenomena is one of the primary reasons defense-in-depth strategies are so important. We're not battling just the known; we're battling the unknown too.

    You are not authorised to post comments.

    LinuxSecurity Poll

    In your opinion, what is the biggest advantage associated with choosing open-source software/technology?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 4 answer(s).
    /component/communitypolls/?task=poll.vote
    16
    radio
    [{"id":"61","title":"High levels of security","votes":"1","type":"x","order":"1","pct":16.67,"resources":[]},{"id":"62","title":"High levels of quality ","votes":"0","type":"x","order":"2","pct":0,"resources":[]},{"id":"63","title":"Cost-effectiveness ","votes":"0","type":"x","order":"3","pct":0,"resources":[]},{"id":"64","title":"Freedom and flexibility ","votes":"5","type":"x","order":"4","pct":83.33,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.