Vulnerability Life Cycles

    Date: 26 Nov 2001
    Posted By: Anthony Pell
    The vulnerability life cycle has three phases: the research/discovery phase -- in which both malicious and nonmalicious security researchers seek new holes in products; the disclosure phase -- in which the discoverer of the new vulnerability tells others about it; and the exploitation phase -- in which the specifics of bug information are incorporated into a program designed to take advantage of the vulnerability.

    Trace Unix exploit code in the late 1980s and early 1990s and you'll find that vulnerability information and exploit code commonly circulated in the underground long before they made their way to FIRST, CERT or Bugtraq circles. Attackers used this knowledge as trump cards: Even if your Unix machine patches were up to date, you obviously had no patch for unknown holes. These vulnerabilities still exist today, leaving many systems in a "pants-down" state. This phenomenon is one of the primary reasons defense-in-depth strategies are so important. We're not battling just the known; we're battling the unknown too.
