This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Template:Application Security News"
From OWASP
| Line 11: | Line 11: | ||
; '''Dec 2 - [http://blogs.oracle.com/security/2006/11/27#a39 Oracle blames security researchers]''' | ; '''Dec 2 - [http://blogs.oracle.com/security/2006/11/27#a39 Oracle blames security researchers]''' | ||
: "We do not credit security researchers who disclose the existence of vulnerabilities before a fix is available. We consider such practices, including disclosing 'zero day' exploits, to be irresponsible." So the question on everybody's mind - is the [http://www.oracle.com/security/software-security-assurance.html Oracle Software Security Assurance] program real? Or are David Litchfield and Cesar Cerrudo right that Emperor has no clothes? | : "We do not credit security researchers who disclose the existence of vulnerabilities before a fix is available. We consider such practices, including disclosing 'zero day' exploits, to be irresponsible." So the question on everybody's mind - is the [http://www.oracle.com/security/software-security-assurance.html Oracle Software Security Assurance] program real? Or are David Litchfield and Cesar Cerrudo right that Emperor has no clothes? | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
; [[Application Security News|Older news...]] | ; [[Application Security News|Older news...]] | ||
Revision as of 15:50, 13 December 2006
- Dec 13 - UCLA spins massive breach
- Why not just say what measures you've really taken? Are all developers trained? Do you do code review and security testing? "Jim Davis, UCLA's chief information officer, said a computer trespasser used a program designed to exploit an undetected software flaw to bypass all security measures and gain access to the restricted database that contains information on about 800,000 current and former students, faculty and staff, as well as some student applicants and parents of students or applicants who applied for financial aid. 'In spite of our diligence, a sophisticated hacker found and exploited a subtle vulnerability in one of hundreds of applications,' Davis said in the statement."
- Dec 10 - MySpace and Apple mess
- MySpace and Apple show how NOT to handle security incidents (see also How Not to Distribute Security Patches)
- Nov 28 - JBroFuzz 0.3 Released
- This version adds a more stable core, length updating for fuzzed POST requests and allows you to specify your own fuzz vectors in a separate file.
- Dec 2 - Oracle blames security researchers
- "We do not credit security researchers who disclose the existence of vulnerabilities before a fix is available. We consider such practices, including disclosing 'zero day' exploits, to be irresponsible." So the question on everybody's mind - is the Oracle Software Security Assurance program real? Or are David Litchfield and Cesar Cerrudo right that Emperor has no clothes?
