The announcement would
only be a bare-bones advisory that would be issued at the time it was reported to the
vendor. The key here is that only the vendor that the vulnerability affects is mentioned
in this early reporting, as well as the date the report was issued and the severity of the
vulnerability. There is no mention as to which specific product is being affected. This
move is to try to establish TippingPoint as the industry watchdog and to keep vendors
from dragging their feet in creating fixes for the vulnerabilities in their products.
The decision to preannounce is very different from many of the other vendors in the
industry that also purchase data on flaws and exploits from external individuals. Many
think that this kind of approach is simply a marketing ploy and has no real benefit to the
industry. Some critics feel that this kind of advanced reporting could cause more problems
for, rather than help, the industry. These critics feel that any indication of a vulnerability
could attract the attention of hackers in a direction that could make that flaw more
apparent. Only time will truly tell if this will be good for the industry or detrimental.
Vendors Paying More Attention
Vendors are expected to provide foolproof, mistake-free software that works all the time.
Pages:
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202