all InfoSec news
Open-source vulnerability disclosure: Exploitable weak spots
Help Net Security www.helpnetsecurity.com
Flaws in the vulnerability disclosure process of open-source projects could be exploited by attackers to harvest the information needed to launch attacks before patches are made available, Aqua Security researchers worry. The risk arises from “half-day” and “0.75-day” vulnerabilities “Half-day” vulnerabilities are known to the maintainer and information about them is publicly exposed on GitHub or the National Vulnerability Database, but there’s still no official fix. “0.75-day” vulnerabilities have an official fix, but not a … More
The post …
aqua aqua security attackers attacks cybercriminals disclosure don't miss exploited exposed flaws harvest hot stuff information launch maintainer open source patches process projects research researchers risk security security researchers vulnerabilities vulnerability vulnerability disclosure