Vendors, once mute on the topic, even
started to assume roles that became more and more active, especially in areas that
involved the dissemination of information that provided protective measures. Not
wanting to appear as if they were deliberately hiding information, and instead wanting
to continue to foster customer loyalty, vendors began to set up security-alert
mailing lists and websites. Although this all sounds good and gracious, in reality
gray hat attackers, vendors, and customers are still battling with each other and
among themselves on how to carry out this process. Vulnerability discovery is better
than it was, but it is still a mess in many aspects and continually controversial.
Gray Hat Hacking: The Ethical Hacker's Handbook
can of worms pertaining to companies installing third-party fixes instead of waiting for
the vendor. As you can tell, vulnerability discovery is in flux about establishing one specific
process, which causes some chaos followed by a lot of debates.
You Were Vulnerable for How Long?
Even when a vulnerability has been reported, there is still a window where the exploit is
known about but a fix hasn't been created by the vendors or the antivirus and antispyware
companies.