On your marks, get set, go: vulnerabilty mitigation race
In many ways, the public release of new web-based vulnerabilities is like a Track and Field race. The goal of the race is to be the first one to either exploit or patch a vulnerability. The firing of the starters pistol is the public vulnerability announcement. The participants in the race may include; 1) Organizations running the vulnerable application, 2) Attackers looking to exploit the vulnerability manually, or 3) The odds on favorite to win the race - an automated worm program. Organizations looking to mitigate or patch their systems are the long-shots to win this race. Let's look at a breakdown of the reasons why it is challenging for organizations to win.
At the Web Security blog.
[ Read more ]