Russian Researcher Sets Vulnerabilities Free
Intevydis, a previously little-known Russian security firm, is making a name for itself by releasing details of unpatched zero day exploits at the rate of one a day for the rest of this month.
Intevydis, a previously little-known Russian security firm, is making a name for itself by releasing details of unpatched zero day exploits at the rate of one a day for the rest of this month.While the Intevydis hole-a-day revelations are aimed, the firm says, at the inadequacies of "responsible disclosure" (keeping vulnerabilities generally quiet while giving the vulnerable software's manufacturers the chance to patch the hole), there's a lot of buzz about whether or not the Intevydis move is itself irresponsible zero-day exploit disclosure.
Irresponsible -- or worse, some say.
No surprise there -- this sort of thing comes up from time-to-time, and the back-and-forth about its ethics (or lack thereof)comes up right along with it.
That's one that won't be solved, certainly not any time soon.
But any time soon applies to patching the bugs as well: Some of the holes Intevydis is revealing have been around for years. They don't get patched for a variety of reasons, but one that we've all heard is that a particular vulnerability is "low priority."
Maybe so -- for the software maker. How low the priority for the exploiters, though, is a question, at least one of them, that the Intevydis revelations may begin to answer.
Read more about:
2010About the Author(s)
You May Also Like
Why Effective Asset Management is Critical to Enterprise Cybersecurity
May 21, 2024Finding Your Way on the Path to Zero Trust
May 22, 2024Extending Access Management: Securing Access for all Identities, Devices, and Applications
June 4, 2024Assessing Software Supply Chain Risk
June 6, 2024Preventing Attackers From Wandering Through Your Enterprise Infrastructure
June 19, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024