Full Disclosure mailing list archives
Re: SecurityLab report: The Top 10 Most Critical Vulnerabilities in June 2004
From: Michal Zalewski <lcamtuf () ghettot org>
Date: Thu, 1 Jul 2004 21:06:26 +0200 (CEST)
On Wed, 30 Jun 2004, Alexander wrote:
SecurityLab report: The Top 10 Most Critical Vulnerabilities in June 2004
What is the point of posting such a list, though? I think it's flawed. Are you preparing it so that system administrators know what is the biggest threat, and what to patch immediately? If so, you should include many of the flaws from past months that, for some reason, are now in the spotlight... but you keep the list limited to current month. Should I fix those issues immediately? If so, it would be extremely unwise to rely on a monthly posting when the disclosure-to-exploit cycle is. So maybe it's just a summary of what important issues I might have overlooked when relying on other sources? But if so, what if there were 15 important remote root flaws one month? By constraining your list to ten items, in slow months many of the vulnerabilities won't be nearly as relevant, whereas on some occassions, some items will be left out. Now, if you want to make a useful list, you should post a bi-weekly "hot issue" watch list for those of us who missed all the CERT alerts and advisories - that is, in my opinion. -- ------------------------- bash$ :(){ :|:&};: -- Michal Zalewski * [http://lcamtuf.coredump.cx] Did you know that clones never use mirrors? --------------------------- 2004-07-01 20:57 -- http://lcamtuf.coredump.cx/photo/current/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: SecurityLab report: The Top 10 Most Critical Vulnerabilities in June 2004 Michal Zalewski (Jul 01)