Tuesday, February 24, 2009

Information is the Best Defense

HD Moore has an excellent piece on the Metasploit blog about how full disclosure of software vulnerabilities can actually be defensible, regardless of the whining it draws from software vendors.

In this particular case, Moore uses the recent Adobe Acrobat vulnerability as his case study. Depending on which online account you happen to read, it appears that rumors of this unpatched flaw were circulating as far back as December 2008, and it wasn't until the bright light of disclosure was brought to bear that Adobe finally got in gear to address the issue.

As Moore states so eloquently: If the vendor involved was Microsoft, the press would be tearing them apart right now. What part of "your customers are being exploited" do they not understand?

