Do Proof-of-Concept Exploits Do More Harm Than Good?



News category: IT Security News
Source: it.slashdot.org

secwatcher writes: When it comes to the release of proof-of-concept (PoC) exploits, more security experts agree that the positives outweigh the negatives, according to a recent and informal Threatpost poll. In fact, almost 60 percent of 230 security pundits thought it was a "good idea" to publish PoC code for zero days. Up to 38 percent of respondents, meanwhile, argued it wasn't a good idea. Dr. Richard Gold, head of security engineering at Digital Shadows, told Threatpost that PoC code makes it easier for security teams to do penetration testing: "Rather than having to rely on vendor notifications or software version number comparisons, a PoC allows the direct verification of whether a particular system is exploitable," Gold told Threatpost. "This ability to independently verify an issue allows organizations to better understand their exposure and make more informed decisions about remediation." In fact, up to 85 percent of respondents said that the release of PoC code acts as an "effective motivator" to push companies to patch. Seventy-nine percent say that the disclosure of a PoC exploit has been "instrumental" in preventing an attack. And, 85 percent of respondents said that a PoC code release is acceptable if a vendor won't fix a bug in a timely manner... On the flip-side of the argument, many argue that the release of the Citrix PoC exploits was a bad idea. They say attacks attempting to exploit the vulnerability skyrocketed as bad actors rushed to exploit the vulnerabilities before they are patched... Matt Thaxton, senior consultant at Crypsis Group, thinks that the "ultimate function of a PoC is to lower the bar for others to begin making use of the exploit... In many cases, PoCs are put out largely for the notoriety/fame of the publisher and for the developer to 'flex' their abilities...." This issue of a PoC exploit timeline also brings up important questions around patch management for companies dealing with the fallout of publicly-released code.
Some, like Thaxton, say that PoC exploit advocates fail to recognize the complexity of patching large environments: "I believe the release of PoC code functions more like an implied threat to anyone that doesn't patch: 'You'd better patch . . . or else,'" he said. "This kind of threat would likely be unacceptable outside of the infosec world. This is even more obvious when PoCs are released before or alongside a patch for the vulnerability." And Joseph Carson, chief security scientist at Thycotic, tells them, "Let's be realistic, once a zero-day is known, it is only a matter of time before nation states and cybercriminals are abusing them."
