July 11, 2015 12:00 am

Rethinking Security Advisory Severities

An anonymous reader writes: The recent OpenSSL vulnerability got the internet all hyped up for a security issue that, in the end, turned out to have a very limited impact. This is good news, of course; we don't need another Heartbleed. But it raises the question: should security advisories be more clear on the impact and possible ramifications of such a vulnerability, to avoid unnecessary panic? Developer Mattias Geniar says, "The Heartbleed vulnerability got the same severity as the one from last night. Heartbleed was a disaster; CVE-2015-1793 will probably go by unnoticed. ... Why? Because CVE-2015-1793, no matter how dangerous it was in theory, concerned code that only a very small portion of the OpenSSL users were using. But pretty much every major technology site jumped on the OpenSSL advisory. ... The OpenSSL team is in a particularly tricky situation, though. On the one hand, their advisories are meant to warn people without giving away the real vulnerability. It's a warning sign, so everyone can keep resources at hand for quick patching, should it be needed. At the same time, they need to warn their users of the actual severity."



Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/UUC9Vx8cNsQ/rethinking-security-advisory-severities

