Understanding the process of finding serious vulnerabilities (opens in new tab)

(lcamtuf.blogspot.com)

65 pointsprobdist10y ago4 comments

4 comments

4 comments · 2 top-level

jmnicolas10y ago· 2 in thread

It's just a teaser with no results yet. I'd be really interested to read the next article when he'll have compiled the answers.

FilterSweep10y ago

I must admit, he totally got me with watch this space. Bookmarked for later. I wonder how honest the security researchers will be? I'd also love to see the same survey replicated with those who exploit the vulnerabilities they find.... Those may not be as honest

vog10y ago

I also added their ATOM feed to my RSS reader, and I'm curious if some interesting articles will come.

ufmace10y ago

It may not be that comprehensive yet, but I thought this was interesting:

> Only a small minority of serious vulnerabilities appear to be disclosed anywhere outside a vendor advisory, making it extremely dangerous to rely on press coverage (or any other casual source) for evaluating personal risk.

I've always had a feeling that the cycle of reading an article on publicized security flaw X and then jumping in response to update or replace something immediately was kinda pointless. Seems better to have a regular update schedule and practice good defense in depth than to watch the tech media and obsess over their reports.

j / k navigate · click thread line to collapse