One Article Review
| Source |  Network World |
|---|---|
| Identifiant | 304161 |
| Date de publication | 2017-02-01 08:29:57 (vue: 2017-02-01 08:29:57) |
| Titre | Mobile security firm offers cash to hackers for their old exploits |
| Texte | Mobile security firm Zimperium has launched an exploit acquisition program that aims to bring undisclosed attack code for already patched vulnerabilities out in the open.Paying for old exploits might seem like a waste of money, but there are technical and business arguments to justify such an acquisition system and they ultimately have to do with the difference between exploits and vulnerabilities.A vulnerability is a software defect with potential security implications, while an exploit is the actual code that takes advantage of that bug to achieve a specific malicious goal, often by bypassing other security barriers along the way.In practice, many vulnerabilities that get reported to vendors are not accompanied by working exploits. Showing that a programming error can lead to memory corruption is typically enough for the vendor to understand its potential implications -- for example, arbitrary code execution.To read this article in full or to leave a comment, please click here |
| Envoyé | Oui |
| Condensat | accompanied achieve acquisition actual advantage aims along already arbitrary are arguments article attack barriers between bring bug business but bypassing can cash click code comment corruption defect difference enough error example execution exploit exploits firm full get goal hackers has have here implications its justify launched lead leave like malicious many memory might mobile money not offers often old open other out patched paying please potential practice program programming read reported security seem showing software specific such system takes technical typically ultimately understand undisclosed vendor vendors vulnerabilities vulnerability waste way working zimperium |
| Tags | Guideline |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.