Tag Archives: stefan frei

The Case for a Compulsory Bug Bounty

December 17, 2013
66 Comments

Security experts have long opined that one way to make software more secure is to hold software makers liable for vulnerabilities in their products. This idea is often dismissed as unrealistic and one that would stifle innovation in an industry that has been a major driver of commercial growth and productivity over the years. But a new study released this week presents perhaps the clearest economic case yet for compelling companies to pay for information about security vulnerabilities in their products.

How Many Zero-Days Hit You Today?

December 5, 2013
52 Comments

On any given day, nation-states and criminal hackers have access to an entire arsenal of zero-day vulnerabilities — undocumented and unpatched software flaws that can be used to silently slip past most organizations’ cyber defenses, new research suggests. That sobering conclusion comes amid mounting evidence that thieves and cyberspies are ramping up spending to acquire and stockpile these digital armaments.

Flaw Flood Busts Bug Bank

February 4, 2013
12 Comments

The Common Vulnerability & Exposures (CVE) index, the industry standard for cataloging software security flaws, is growing so rapidly that it will soon be adding a few more notches to its belt: The CVE said it plans to allow for up to 100 times more individual vulnerabilities to be indexed each year to accommodate an increasing number of software flaw reports.

Revisiting Secunia’s Personal Software Inspector

September 8, 2010
60 Comments

Security vulnerability research firm Secunia has released a public beta of its Personal Software Inspector tool, a program designed to help Microsoft Windows users keep their heads above water with the torrent of security updates for third-party applications. The new beta version includes the promised auto-update feature that can automatically apply the latest patches for a growing number of widely-used programs.