Gray Hat Hacking 78

The document discusses the ongoing debate between vendors, security companies, and gray hat hackers regarding the disclosure of software vulnerabilities. It highlights the frustrations of both customers and vendors due to existing flaws and the challenges in communication and collaboration. The CERT Coordination Center's policy on vulnerability disclosure, which mandates public announcements within 45 days, is outlined as a key framework in addressing these issues.

Uploaded by

digapo7593

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

10 views1 page

Gray Hat Hacking 78

Uploaded by

digapo7593

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 1

Gray Hat Hacking, The Ethical Hacker’s Handbook, Third Edition

50
details would be released to its customers and the public at a “prescribed period of
time” after the vendor has been notified. ISS coordinates their public disclosure of the
flaw with the vendor’s disclosure. This policy only fueled the people who feel that vul-
nerability information should be available for the public to protect themselves.
This dilemma, and many others, represents the continual disconnect among ven-
dors, security companies, and gray hat hackers today. Differing views and individual
motivations drive each group down various paths. The models of proper disclosure that
are discussed in this chapter have helped these different entities to come together and
work in a more concerted effort, but much bitterness and controversy around this issue
remains.

NOTE The range of emotion, the numerous debates, and controversy

over the topic of full disclosure has been immense. Customers and security
professionals alike are frustrated with software flaws that still exist in the
products in the first place and the lack of effort from vendors to help in this
critical area.Vendors are frustrated because exploitable code is continually
released just as they are trying to develop fixes. We will not be taking one side
or the other of this debate, but will do our best to tell you how you can help,
and not hurt, the process.

CERT’s Current Process

The first place to turn to when discussing the proper disclosure of software vulnerabili-
ties is the governing body known as the CERT Coordination Center (CC). CERT/CC is a
federally funded research and development operation that focuses on Internet security
and related issues. Established in 1988 in reaction to the first major virus outbreak on
the Internet, the CERT/CC has evolved over the years, taking on more substantial roles
in the industry, which includes establishing and maintaining industry standards for the
way technology vulnerabilities are disclosed and communicated. In 2000, the organiza-
tion issued a policy that outlined the controversial practice of releasing software vulner-
ability information to the public. The policy covered the following areas:

• Full disclosure will be announced to the public within 45 days of being

reported to CERT/CC. This timeframe will be executed even if the software
vendor does not have an available patch or appropriate remedy. The only
exception to this rigid deadline will be exceptionally serious threats or
scenarios that would require a standard to be altered.
• CERT/CC will notify the software vendor of the vulnerability immediately so
that a solution can be created as soon as possible.
• Along with the description of the problem, CERT/CC will forward the name of
the person reporting the vulnerability unless the reporter specifically requests
to remain anonymous.
• During the 45-day window, CERT/CC will update the reporter on the current
status of the vulnerability without revealing confidential information.

Gray Hat Hacking 91
No ratings yet
Gray Hat Hacking 91
1 page
Gray Hat Hacking 91 100
No ratings yet
Gray Hat Hacking 91 100
10 pages
Gray Hat Hacking 79
No ratings yet
Gray Hat Hacking 79
1 page
Security Vulnerability Disclosure Debate
No ratings yet
Security Vulnerability Disclosure Debate
6 pages
Gray Hat Hacking 75
No ratings yet
Gray Hat Hacking 75
1 page
Gray Hat Hacking 77
No ratings yet
Gray Hat Hacking 77
1 page
Gray Hat Hacking 95
No ratings yet
Gray Hat Hacking 95
1 page
Gray Hat Hacking 90
No ratings yet
Gray Hat Hacking 90
1 page
MSP 2017030003
No ratings yet
MSP 2017030003
2 pages
Internet Security
No ratings yet
Internet Security
30 pages
Ethic03 Updated
No ratings yet
Ethic03 Updated
54 pages
Cybersecurity: Experts vs Criminals
No ratings yet
Cybersecurity: Experts vs Criminals
40 pages
Gray Hat Hacking 96
No ratings yet
Gray Hat Hacking 96
1 page
A Framework For A Vulnerability Disclosure Program For Online Systems
No ratings yet
A Framework For A Vulnerability Disclosure Program For Online Systems
8 pages
Vulnerabilidades Sistemas Infor
No ratings yet
Vulnerabilidades Sistemas Infor
20 pages
Disclosure of Security Vulnerabilities Legal and Ethical Issues
No ratings yet
Disclosure of Security Vulnerabilities Legal and Ethical Issues
127 pages
Cyber Security Introduction
No ratings yet
Cyber Security Introduction
10 pages
Cybersecurity Risks in COMSEC
No ratings yet
Cybersecurity Risks in COMSEC
8 pages
ITI Cyber Threat Info Sharing Policy
No ratings yet
ITI Cyber Threat Info Sharing Policy
2 pages
Cybersecurity Awareness Jerry Andriessen Download
No ratings yet
Cybersecurity Awareness Jerry Andriessen Download
53 pages
Hacking Back Without Cracking Up, by Jeremy Rabkin and Ariel Rabkin
100% (2)
Hacking Back Without Cracking Up, by Jeremy Rabkin and Ariel Rabkin
20 pages
Cybersecurity: Experts vs Criminals
No ratings yet
Cybersecurity: Experts vs Criminals
20 pages
Gray Hat Hacking
0% (1)
Gray Hat Hacking
21 pages
CH 01 - Part 1 PDF
No ratings yet
CH 01 - Part 1 PDF
21 pages
Gray Hat Hacking 81
No ratings yet
Gray Hat Hacking 81
1 page
Collaboration or Separation Maximizing The Partne - 2022 - International Journal
No ratings yet
Collaboration or Separation Maximizing The Partne - 2022 - International Journal
9 pages
So What - Chương 10
No ratings yet
So What - Chương 10
2 pages
SLTT Cybersecurity Resource Guide
No ratings yet
SLTT Cybersecurity Resource Guide
14 pages
Article Summaries Cyber Threats
No ratings yet
Article Summaries Cyber Threats
35 pages
ETI Microproject
No ratings yet
ETI Microproject
16 pages
The Economics of Malware
No ratings yet
The Economics of Malware
33 pages
Vapt 1
No ratings yet
Vapt 1
35 pages
24 Ethics 2
No ratings yet
24 Ethics 2
12 pages
Chapter 12
No ratings yet
Chapter 12
22 pages
Governance and Risk Management
No ratings yet
Governance and Risk Management
21 pages
SSRN 2739894
No ratings yet
SSRN 2739894
78 pages
Gray Hat Hacking 92
No ratings yet
Gray Hat Hacking 92
1 page
University of Benghazi Faculty of Information Technology E-Commerce and E-Marketing (IS475)
No ratings yet
University of Benghazi Faculty of Information Technology E-Commerce and E-Marketing (IS475)
11 pages
ITI Recommendation: Addressing Liability Concerns Impeding More Effective Cybersecurity Information Sharing January 2012
No ratings yet
ITI Recommendation: Addressing Liability Concerns Impeding More Effective Cybersecurity Information Sharing January 2012
7 pages
Cyber Security Essentials
No ratings yet
Cyber Security Essentials
49 pages
Cybersecurity Issues and Challenges: A View: Journal of Global Research in Computer Science
No ratings yet
Cybersecurity Issues and Challenges: A View: Journal of Global Research in Computer Science
8 pages
Internet Security, Vulnerability Disclosure, and Software Provision
No ratings yet
Internet Security, Vulnerability Disclosure, and Software Provision
19 pages
Cyber Security Notes
No ratings yet
Cyber Security Notes
68 pages
Unit 2 CSCL
No ratings yet
Unit 2 CSCL
33 pages
Cyber Security Reference Guide
No ratings yet
Cyber Security Reference Guide
14 pages
Cybersecurity in The Private Sector
No ratings yet
Cybersecurity in The Private Sector
5 pages
Written Testimony Of: The Expanding Cyber Threat
No ratings yet
Written Testimony Of: The Expanding Cyber Threat
8 pages
Vulnerability Assessments in Ethical Hacking
No ratings yet
Vulnerability Assessments in Ethical Hacking
5 pages
Chapter 1
No ratings yet
Chapter 1
97 pages
Latest Vulnerabilities of 2024
No ratings yet
Latest Vulnerabilities of 2024
4 pages
Renewable2 0
No ratings yet
Renewable2 0
8 pages
Chapter 4
No ratings yet
Chapter 4
14 pages
Information Technology Ethical Challenges
0% (1)
Information Technology Ethical Challenges
19 pages
Cybersecurity Penetration Testing On The Ethereum Blockchain
No ratings yet
Cybersecurity Penetration Testing On The Ethereum Blockchain
36 pages
CyberInfoSharing StarterPacket SDI2022
No ratings yet
CyberInfoSharing StarterPacket SDI2022
213 pages
IA#1 Cybercrime Law, Regulation, Effects On Innovation John Doe CSEC 620 Section 9022
No ratings yet
IA#1 Cybercrime Law, Regulation, Effects On Innovation John Doe CSEC 620 Section 9022
12 pages
Unit-I Note
No ratings yet
Unit-I Note
31 pages
Intro To Ethical Hacking - PPT
100% (1)
Intro To Ethical Hacking - PPT
37 pages
SSRN Id3547103
No ratings yet
SSRN Id3547103
274 pages
Gray Hat Hacking 112
No ratings yet
Gray Hat Hacking 112
1 page
Gray Hat Hacking 68
No ratings yet
Gray Hat Hacking 68
1 page
Gray Hat Hacking 111
No ratings yet
Gray Hat Hacking 111
1 page
Gray Hat Hacking 51
No ratings yet
Gray Hat Hacking 51
1 page
Gray Hat Hacking 74
No ratings yet
Gray Hat Hacking 74
1 page
Gray Hat Hacking 87
No ratings yet
Gray Hat Hacking 87
1 page
Gray Hat Hacking 94
No ratings yet
Gray Hat Hacking 94
1 page
Gray Hat Hacking 103
No ratings yet
Gray Hat Hacking 103
1 page
Gray Hat Hacking 88
No ratings yet
Gray Hat Hacking 88
1 page
Gray Hat Hacking 101
No ratings yet
Gray Hat Hacking 101
1 page
Gray Hat Hacking 106
No ratings yet
Gray Hat Hacking 106
1 page
Gray Hat Hacking 99
No ratings yet
Gray Hat Hacking 99
1 page
Gray Hat Hacking 71
No ratings yet
Gray Hat Hacking 71
1 page
Gray Hat Hacking 80
No ratings yet
Gray Hat Hacking 80
1 page
Gray Hat Hacking 70
No ratings yet
Gray Hat Hacking 70
1 page
Gray Hat Hacking 57
No ratings yet
Gray Hat Hacking 57
1 page
Gray Hat Hacking 53
No ratings yet
Gray Hat Hacking 53
1 page
Gray Hat Hacking 58
No ratings yet
Gray Hat Hacking 58
1 page
Gray Hat Hacking 48
No ratings yet
Gray Hat Hacking 48
1 page
Gray Hat Hacking 50
No ratings yet
Gray Hat Hacking 50
1 page
Gray Hat Hacking 47
0% (1)
Gray Hat Hacking 47
1 page
Gray Hat Hacking 49
No ratings yet
Gray Hat Hacking 49
1 page
Gray Hat Hacking 23
No ratings yet
Gray Hat Hacking 23
1 page
Gray Hat Hacking 42
No ratings yet
Gray Hat Hacking 42
1 page
Gray Hat Hacking 46
No ratings yet
Gray Hat Hacking 46
1 page
Gray Hat Hacking 26
No ratings yet
Gray Hat Hacking 26
1 page
Gray Hat Hacking 15
No ratings yet
Gray Hat Hacking 15
1 page
Gray Hat Hacking 17
No ratings yet
Gray Hat Hacking 17
1 page
Gray Hat Hacking 19
No ratings yet
Gray Hat Hacking 19
1 page
CPU-Z Report: Intel Core i5 540M
No ratings yet
CPU-Z Report: Intel Core i5 540M
13 pages
Glacial Landforms: Types and Features
No ratings yet
Glacial Landforms: Types and Features
40 pages
Byte Filling Function Guide
No ratings yet
Byte Filling Function Guide
3 pages
Deja Review Emergency Medicine - 2nd Edition One-Click Ebook Download
100% (20)
Deja Review Emergency Medicine - 2nd Edition One-Click Ebook Download
14 pages
Presentation 2
No ratings yet
Presentation 2
4 pages
Present Perfect
No ratings yet
Present Perfect
9 pages
Globalpharma 2013 Marketing Plan
No ratings yet
Globalpharma 2013 Marketing Plan
38 pages
Baby Massage - Tender Touch PDF
No ratings yet
Baby Massage - Tender Touch PDF
5 pages
CLL F189 Ug PTB
No ratings yet
CLL F189 Ug PTB
543 pages
MikroTik Price List-May 2023-01.05.2023
No ratings yet
MikroTik Price List-May 2023-01.05.2023
5 pages
Test Instructions For Applicants
100% (1)
Test Instructions For Applicants
5 pages
Question Bank U3& U4-1
No ratings yet
Question Bank U3& U4-1
18 pages
Later Wittgenstein
No ratings yet
Later Wittgenstein
8 pages
Electrical Engineering Exam Guide
No ratings yet
Electrical Engineering Exam Guide
3 pages
Vintage Lens Guillotine Shutter Guide
No ratings yet
Vintage Lens Guillotine Shutter Guide
10 pages
DSL-2750U ME 1.30 B038 K8B 0K ME3G-00-4424-20130522 ReleaseNotes
0% (1)
DSL-2750U ME 1.30 B038 K8B 0K ME3G-00-4424-20130522 ReleaseNotes
5 pages
Cluster A Personality Disorders Case Report by Slidesgo
No ratings yet
Cluster A Personality Disorders Case Report by Slidesgo
40 pages
Roch
No ratings yet
Roch
3 pages
10 Chapter 5
No ratings yet
10 Chapter 5
18 pages
SIGHI Medication Manual PREVIEW
No ratings yet
SIGHI Medication Manual PREVIEW
22 pages
CH 15 Mixed Economic System
No ratings yet
CH 15 Mixed Economic System
2 pages
IFIM College
No ratings yet
IFIM College
12 pages
Zond-12e Catalogue
100% (1)
Zond-12e Catalogue
12 pages
JTAG Tutorial
No ratings yet
JTAG Tutorial
16 pages
Black Francophone Power Dynamics
100% (8)
Black Francophone Power Dynamics
22 pages
CBC Animal Health Care & Management NC III
No ratings yet
CBC Animal Health Care & Management NC III
66 pages
Chap 6 - Grammar Answer Key Mosaic 2
No ratings yet
Chap 6 - Grammar Answer Key Mosaic 2
8 pages
Ebook Ebook PDF The Analysis of Biological Data Second Edition All Chapter PDF Docx Kindle
100% (37)
Ebook Ebook PDF The Analysis of Biological Data Second Edition All Chapter PDF Docx Kindle
47 pages
333 Story
No ratings yet
333 Story
3 pages
Codification 160921114948
No ratings yet
Codification 160921114948
25 pages