One Article Review
| Source |  CSO |
|---|---|
| Identifiant | 6499188 |
| Date de publication | 2022-08-24 02:00:00 (vue: 2022-08-24 10:05:36) |
| Titre | Why patching quality, vendor info on vulnerabilities are declining |
| Texte | Those who apply security patches are finding that it's becoming harder to time updates and determine the impact of patching on their organizations. Dustin Childs of the ZDI Zero Day Initiative and Trend Micro brought this problem to light at the recent Black Hat security conference: Patch quality has not increased and in fact is getting worse. We are dealing with repatching bugs that weren't fixed right or variant bugs that could have been patched the first time.Childs also pointed out that vendors are not providing good information about the Common Vulnerability Scoring System (CVSS) risk to easily analyze whether to patch. The vendor might give a high CVSS risk score to a bug that wouldn't be easily exploited. I am having to dig more into details of a bug to better understand the risk of not applying an update immediately. Vendors are adding obscurity to bug information and making it harder to understand the risk.To read this article in full, please click here |
| Envoyé | Oui |
| Condensat | about adding also analyze apply applying are article becoming been better black brought bug bugs childs click common conference: could cvss day dealing declining details determine dig dustin easily exploited fact finding first fixed full getting give good harder has hat have having here high immediately impact increased info information initiative light making micro might more not obscurity organizations out patch patched patches patching please pointed problem providing quality read recent repatching right risk score scoring security system those time trend understand update updates variant vendor vendors vulnerabilities vulnerability weren whether who why worse wouldn zdi zero |
| Tags | Vulnerability Patching |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.