Open-source vulnerability disclosure: Exploitable weak spots | allinfosecnews.com

Nov. 9, 2023, 12:14 p.m. | Zeljka Zorz

Help Net Security www.helpnetsecurity.com

Flaws in the vulnerability disclosure process of open-source projects could be exploited by attackers to harvest the information needed to launch attacks before patches are made available, Aqua Security researchers worry. The risk arises from “half-day” and “0.75-day” vulnerabilities “Half-day” vulnerabilities are known to the maintainer and information about them is publicly exposed on GitHub or the National Vulnerability Database, but there’s still no official fix. “0.75-day” vulnerabilities have an official fix, but not a … More →

The post …

aqua aqua security attackers attacks cybercriminals disclosure don't miss exploited exposed flaws harvest hot stuff information launch maintainer open source patches process projects research researchers risk security security researchers vulnerabilities vulnerability vulnerability disclosure

More from www.helpnetsecurity.com / Help Net Security

Bug hunters can get up to $450,000 for an RCE in Google’s Android apps 18 hours ago | www.helpnetsecurity.com

android android apps app apps +17

Trellix Wise automates security workflows with AI, streamlining threat detection and remediation 20 hours ago | www.helpnetsecurity.com

artificial artificial intelligence cyber cyber risk +21

Microsoft, Google widen passkey support for its users 20 hours ago | www.helpnetsecurity.com

account protection authentication awareness bitwarden +18

Cyble Vision X covers the entire breach lifecycle 21 hours ago | www.helpnetsecurity.com

access artificial artificial intelligence aspect +23

BlackBerry CylanceMDR improves cybersecurity defensive strategy 21 hours ago | www.helpnetsecurity.com

address advanced ai platform amp +28

FortiGate 200G series boosts campus connectivity for Wi-Fi 7 22 hours ago | www.helpnetsecurity.com

ai-powered campus connectivity firewall +15

Nokod Security Platform secures low-code/no-code development environments and apps 22 hours ago | www.helpnetsecurity.com

applications apps automations code +23

Lenovo launches AI-based Cyber Resiliency as a Service 23 hours ago | www.helpnetsecurity.com

copilot copilot for security cyber cyber protection +24

Edgio ASM reduces risk from web application vulnerabilities 23 hours ago | www.helpnetsecurity.com

application application vulnerabilities asm assets +33

Principal Security Engineer

@ Elsevier | Home based-Georgia

View on infosec-jobs.com

Infrastructure Compliance Engineer

@ NVIDIA | US, CA, Santa Clara

View on infosec-jobs.com

Information Systems Security Engineer (ISSE) / Cybersecurity SME

@ Green Cell Consulting | Twentynine Palms, CA, United States

View on infosec-jobs.com

Sales Security Analyst

@ Everbridge | Bengaluru

View on infosec-jobs.com

Alternance – Analyste Threat Intelligence – Cybersécurité - Île-de-France

@ Sopra Steria | Courbevoie, France

View on infosec-jobs.com

Third Party Cyber Risk Analyst

@ Chubb | Philippines

View on infosec-jobs.com