Snort survives first vulnerability

Thursday, 13 March 2003, 9:06 AM EST

Can you take us through the first few days after Sourcefire first learned of the vulnerability?

Jackson: We learned about it the evening of Feb. 20. Internet Security Systems discovered it. They recognized how pervasive Snort is and it led them to take a back seat to us in addressing the vulnerability and releasing the information to the public. We worked together to form a disclosure strategy. We put the elements together to mitigate the vulnerability, including the patch, so that at the start of business on Monday March 3, we were ready with everything needed to remediate.

Snort is used heavily in the (U.S.) government. We concluded that we should include NIPC in the initial disclosure and let them guide us on the disclosure strategy (on Feb. 27). They used the subsequent week to mitigate and patch anything. Last Monday (March 3), we made the disclosure to our customers and the public.

[ Read more ]

Related items




Spotlight

Whitepaper: Zero Trust approach to network security

Posted on 20 November 2014.  |  Zero Trust is an alternative security model that addresses the shortcomings of failing perimeter-centric strategies by removing the assumption of trust.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Nov 21st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //