03.26.09 - 01:55pm
Issue
The pwn2own bug that Nils discovered at CanSecWest 2009 and the XSLT vulnerability recently made public by Guido Landi (http://www.securityfocus.com/bid/34235) are both critical issues that can result in malicious code execution.
Impact
These issues can be exploited by tricking a user into visiting a malicious web page hosting the exploit code. The pwn2own bug can be [...]
Category: Firefox, Press, Security, Vulnerabilities
12.15.08 - 02:48pm
There has been some interest in the last few days about a recent report from a company called Bit9 about application vulnerabilities. While we’re always happy to see stories that focus on educating our users about security, there are some problems with Bit9’s methodology that hinder its ability to draw any meaningful conclusions.
Bit9 says it [...]
Category: Firefox, Press, Security, Vulnerabilities
07.02.08 - 11:14am
A recent report identified Firefox users as most likely to be running the latest version of the browser at any point in time. Brian Krebs at the Washington Post comments on it here: Forty Percent of Web Users Surf With Unsafe Browsers
This is great news for Mozilla, since it demonstrates that the work that [...]
Category: Firefox, Press, Security
01.17.08 - 06:29pm
Secunia released a report this week that discusses a few aspects of the security landscape for 2007. Techworld ran a story based on this report with this headline: “Red Hat and Firefox more buggy than Microsoft.” While the headline is misleading, the Techworld article actually tells an interesting story.
Counting security vulnerabilities to compare the security [...]
Category: Musings, Press, Security
11.30.07 - 10:28pm
Jeff Jones, a director of security strategy at Microsoft, published a report today about counting bugs. I blogged a few months ago about why I think counting bugs is less than useful:
Since all software has bugs, it’s more important to consider how long it takes to get a fix out when a security [...]
Category: Firefox, Musings, Press, Security
06.18.07 - 03:35pm
Since all software has bugs, it’s more important to consider how long it takes to get a fix out when a security issue is discovered than it is to count bugs. Number of vulnerabilities identified is a function of how many bugs are present, but is probably more influenced by things like who is [...]
Category: Firefox, Musings, Press, Security, Security Updates