version 1.467, 2005/07/07 09:07:19 |
version 1.468, 2005/07/07 16:18:45 |
|
|
|
|
<h2>June, 2005</h2> |
<h2>June, 2005</h2> |
<ul> |
<ul> |
|
|
|
<li><font color="#009000"><strong> |
|
<a href="http://www.eurekalert.org/pub_releases/2005-06/ns-ttc062205.php"> |
|
The true cost of computer crime</a>, |
|
EurekAlert / <a href="http://www.newscientist.com/">New Scientist Magazine</a>, |
|
issue June 25, 2005</strong></font><br> |
|
This article looks at computer crime, especially the way upcoming |
|
vulnerability reports are dealt with. It also gives a short overview of the |
|
different institutions involved in the process (vendors, free projects, CERTs). |
|
<br> |
|
The author mentions the work of Andy Ozment, who researches vulnerability |
|
disclosure at the University of Cambridge. Using OpenBSD as a good example |
|
of how disclosure and consequent fixing of bugs helps to strengthen security, |
|
he refutes the widely spread FUD that disclosing vulnerabilities leads to |
|
more harm than good. Ozment's methodology was to examine OpenBSD's CVS logs |
|
and noting when fixes were published; his research shows that |
|
<i>"the number of vulnerabilities decreases as a result of disclosure"</i>. |
|
<p> |
|
|
<li><font color="#009000"><strong> |
<li><font color="#009000"><strong> |
<a href="http://www.forbes.com/forbes/2005/0704/071.html"> |
<a href="http://www.forbes.com/forbes/2005/0704/071.html"> |
Free Bird</a>, |
Free Bird</a>, |
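Review bot: In the added New Scientist entry, the sentence "Ozment's methodology was to examine OpenBSD's CVS logs and noting when fixes were published" mixes verb forms; it should read "and note when fixes were published". In the same entry, "upcoming vulnerability reports" reads as if "incoming" was meant, and "widely spread FUD" would be more natural as "widespread FUD". The entry also ends on a bare <p> with no closing </li>; please confirm that matches how the neighbouring entries on the page are terminated, since the next item opens with <li> directly afterwards.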