Search the Community
Showing results for tags 'days'.
-
Anybody selling here high severity 0 days? let me know.
-
Free Windows Hosting for 60 Days myWindowsHosting.com - Unlimited Windows Hosting
-
365 Days FREE VPN ll Port Support Free VPN Client Software | Free VPN Proxy | Free VPN Download
-
Google has adjusted the terms of its controversial Project Zero vulnerability scouting effort, loosening its 90-day disclosure policy somewhat to give companies a better chance of fixing their security bugs before they become public knowledge. Among the changes, Google says it will no longer disclose bugs on weekends and public holidays, and it will even offer software vendors a brief grace period to finish their patches, if they request one. Project Zero has drawn fire from software companies – most notably Microsoft – for disclosing critical vulnerabilities to the public exactly 90 days after it reports them to vendors, a policy that top Redmond security bod Chris Betz said "feels less like principles and more like a 'gotcha'." "What's right for Google is not always right for customers," Betz wrote in a blog post in January. "We urge Google to make protection of customers our collective primary goal." Mind you, it's only natural that Microsoft would be miffed. Among the bugs revealed by Project Zero so far are critical zero-day flaws in Windows that can potentially allow an attacker to gain full control of affected systems. Google's vulnerability disclosures often include proof-of-concept exploit code, meaning cyber-crooks have access to working exploits the minute Google's disclosure goes live. Still, Google seems to have heard Redmond's complaints. On Friday, the online ad-slinger said it would make changes to how Project Zero discloses flaws, but it stopped short of saying it would lengthen the 90-day deadline, noting that CERT's own deadline is even shorter. "We notify vendors of vulnerabilities immediately, with details shared in public with the defensive community after 90 days, or sooner if the vendor releases a fix," Google's security team wrote in a blog post. "We've chosen a middle-of-the-road deadline timeline and feel it's reasonably calibrated for the current state of the industry." Going forward, however, 90 days won't necessarily mean 90 days. For one thing, if the date of a patch disclosure deadline falls on a weekend or a public holiday, Google now says it will hold off on its disclosure until the next working day. What's more, the Chocolate Factory says it will extend the disclosure deadline by a grace period of up to 14 days, provided a vendor lets it know that a patch will be released on a specific date within the 14 days. "Public disclosure of an unpatched issue now only occurs if a deadline will be significantly missed," Google's post states. Google says it will also be sure to pre-assign CVE (Common Vulnerabilities and Exposure) numbers to bugs that go past their deadlines before it discloses them, to avoid confusion and help the public understand specific threats. But Redmond wasn't entirely satisfied with the changes, saying it would much rather see Google work more interactively with software vendors to apply patches. "When finders release proof-of-concept exploit code, or other information publically before a solution is in place, the risk of attacks against customers goes up," Microsoft's Betz told The Register in an emailed statement. "While it is positive to see aspects of disclosure practices adjust, we disagree with arbitrary deadlines because each security issue is unique and end-to-end update development and testing time varies." Google, meanwhile, said that an arbitrary deadline, albeit a nondiscriminatory one, is the best vendors can hope for. "As always, we reserve the right to bring deadlines forwards or backwards based on extreme circumstances," Google's security team said. "We remain committed to treating all vendors strictly equally." ® Sursa
-
Prezentare " In ultimii 20 de ani, in cadrul fiecarei industrii si al oricarei economii, mediul de afaceri a fost supus unor transformari dramatice. Companiile manufacturiere se transforma in companii de servicii manufacturiere,agentiile guvernamentale se transforma in asa fel incat sa poata oferi servicii cetatenilor, iar companiile de retail se transforma in vederea asigurarii de servicii de retail sociale. Aceste transformari au creat atat pentru clienti cat si pentru angajati o intreaga experienta digitala conducand organizatia catre o noua arhitectura IT in ceea ce priveste securitatea. Noile aplicatii vor fi mai bine construite in mediul Cloud decat on-premise iar interactiunea va fi mobila, accesibila si sociala. Afacerile care se vor transforma conform acestui model vor avea nevoie sa isi protejeze clientii sis a le castige increderea oferindu-le astfel o experienta sigura. Pe parcursul acestui eveniment veti putea vedea cum companiile IT pot sa isi securizeze datele in mediul Cloud, sa experimentati interactiunea mobila si sociala folosind strategii de securitate avansate si de asemenea cum sa aplicati o abordare in conformitate cu reglementarile in vigoare folosind arhitectura mobila si sociala in conditii de securitate. Va invitam alaturi de noi, miercuri 24 iulie, la un seminar exclusiv de securitate, pentru a afla cum cele mai recente progrese ale Oracle, privind managementul de identitate si de securitate a datelor, va pot ajuta sa va imbunatatiti solutiile de securitate in IT, in conformitate cu reglementarile in vigoare si reducandu-va in acelasi timp costurile. Nu pierdeti ocazia de a socializa cu colegii dvs., de a va impartasi ideile si de a discuta cu expertii Oracle despre extinderea infrastructurii IDM si politicile de securitate in carul noii experiente digitale! Inregistrati-va online pentru acest eveniment gratuit. Pentru detalii suplimentare: Andra Duta: +4 021 212 01 41, andra.duta@results.ro Va asteptam cu drag, Echipa Oracle. " Agenda 10:00 - 10:30 - Inregistrare participanti si cafea 10:30 - 10:35 - Cuvant de bun venit 10:35 - 11:35 - Securing The New Digital Experience by Katerina Kalimeri, CISSP Security Solution Architect, Oracle EE&CIS Enterprise Security 11:35 - 11:45 - Studiu de caz by Katerina Kalimeri, CISSP Security Solution Architect, Oracle EE&CIS Enterprise Security 11:45 - 12:20 - Demo: Securing The Mobile and Social Interaction Demo by Katerina Kalimeri, CISSP Security Solution Architect, Oracle EE&CIS Enterprise Security 12:20 - 12:30 - Intrebari si raspunsuri 12:30 - 13:30 - Masa de pranz Date despre eveniment: miercuri, 24 iulie 2013 10:00 – 13:30 Oracle office CVC5, Calea Floreasca 169 A, corp B, etaj 1 Bucuresti, Romania sursa