| version 1.467, 2005/07/07 09:07:19 |
version 1.468, 2005/07/07 16:18:45 |
|
|
| |
|
| <h2>June, 2005</h2> |
<h2>June, 2005</h2> |
| <ul> |
<ul> |
| |
|
| |
<li><font color="#009000"><strong> |
| |
<a href="http://www.eurekalert.org/pub_releases/2005-06/ns-ttc062205.php"> |
| |
The true cost of computer crime</a>, |
| |
EurekAlert / <a href="http://www.newscientist.com/">New Scientist Magazine</a>, |
| |
issue June 25, 2005</strong></font><br> |
| |
This article looks at computer crime, especially the way upcoming |
| |
vulnerability reports are dealt with. It also gives a short overview of the |
| |
different institutions involved in the process (vendors, free projects, CERTs). |
| |
<br> |
| |
The author mentions the work of Andy Ozment, who researches vulnerability |
| |
disclosure at the University of Cambridge. Using OpenBSD as a good example |
| |
of how disclosure and consequent fixing of bugs helps to strengthen security, |
| |
he refutes the widely spread FUD that disclosing vulnerabilities leads to |
| |
more harm than good. Ozment's methodology was to examine OpenBSD's CVS logs |
| |
and noting when fixes were published; his research shows that |
| |
<i>"the number of vulnerabilities decreases as a result of disclosure"</i>. |
| |
<p> |
| |
|
| <li><font color="#009000"><strong> |
<li><font color="#009000"><strong> |
| <a href="http://www.forbes.com/forbes/2005/0704/071.html"> |
<a href="http://www.forbes.com/forbes/2005/0704/071.html"> |
| Free Bird</a>, |
Free Bird</a>, |
![[BACK]](/icons/back.gif){kind=icon}
Return to press.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www