This is because they need to assess the attack and develop the
appropriate response. Figure 3-1 displays how long it took for vendors to release fixes to
identified vulnerabilities.
The increase in interest and talent in the black hat community translates to quicker
and more damaging attacks and malware for the industry. It is imperative for vendors
not to sit on the discovery of true vulnerabilities, but to work to get the fixes to the customers
who need them as soon as possible.
Figure 3-1 Illustration of the amount of time it took to develop fixes
PART I
Chapter 3: Proper and Ethical Disclosure
47
For this to take place properly, ethical hackers must understand and followthe proper
methods of disclosing identified vulnerabilities to the software vendor. As mentioned in
Chapter 1, if an individual uncovers a vulnerability and illegally exploits it and/or tells
others how to carry out this activity, he is considered a black hat. If an individual uncovers
a vulnerability and exploits it with authorization, he is considered a white hat. If a
different person uncovers a vulnerability, does not illegally exploit it or tell others how
to do it, but works with the vendor??”this person gets the label of gray hat.
Pages:
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152