Software Vulnerabilities

1 April 2016 at 4:25pm
The slides from our Networkshop session on Learning from Software Vulnerabilities are now available. All three talks showed how managing the process of finding, reporting and fixing vulnerabilities can improve the quality of software and the security of our systems.
28 September 2015 at 4:02am
Vulnerability handling – how organisations deal with reports of security weaknesses in their software and systems – is a field that has developed a lot in my time working for Janet. When I started most organisations received reports and fixed vulnerabilities on an ad hoc basis, if at all.
27 July 2015 at 4:33pm
I've spent a few weeks investigating how we can use open source tools to provide basic vulnerability assessment functionality within a small ISO 27001 scope (less than thirty systems). The more sophisticated and expensive and commercial products are great, but before we investigated their use I wanted to see what we could get on a limited budget (mostly my time).
24 June 2015 at 2:21pm
Thanks to recent work, particularly by the Dutch National Cyber Security Centre, the processes that result in successful discovery and reporting of software vulnerabilities are reasonably well understood.
23 June 2014 at 10:55pm
From personal experience many years ago I know the frustration of discovering a security vulnerability in a website, wanting to warn the site owners, but being unable to find a responsive contact to accept the information. However I also know, from even longer ago, what it's like to be a sysadmin told by a stranger that my precious computer has a bug in it that I urgently need to fix. They no doubt thought they were helping me, but it was awfully tempting to shoot the messenger!
17 April 2014 at 2:49pm
We have responded to the announcement of the OpenSSL vulnerability today, 8th April 2014. Technical advice (detailed below) has been issued to colleagues across the sector to assist them in responding to this vulnerability. In addition, replacement certificates, for those organisations affected by this vulnerability, will be issued at no cost by the Janet Certificate Service. If your organisation is affected by the OpenSSL vulnerability and is taking steps to address this, and requiring a replacement certificate, then please visit the following url for further information.
25 June 2013 at 3:31pm
Bug bounty schemes have always been controversial. In the early days of the Internet someone who found a bug in software was expected to inform the author and help fix it, as a matter of social responsibility. Suggesting that those researching vulnerabilities be paid for their time and effort seemed rather grubby. Unfortunately not everyone shared those scruples.
Subscribe to Software Vulnerabilities