Every company strives to maintain the highest possible security for their products. Nonetheless, security vulnerabilities are bound to exist in any system. Identifying these vulnerabilities is therefore key. However, what an organization does with its vulnerability data varies from company to company based on its vulnerability disclosure policy. In this article, we define a vulnerability… Continue reading Vulnerability disclosure policy (and how to get it right)
First Officer’s log, Terrestrial date, 20221017. Officer of the Deck reporting. While most of the crew were enjoying the hospitality at Starbase 42, the captain and senior staff briefed the rest of the department heads on what caused our diversion here in the first place. Apparently, one of the starbase’s officers misplaced their combadge while… Continue reading CVE-2022-40684 and more: first officer’s blog – week 21
On February 10, Apple released an urgent update for iOS, iPadOS and macOS to fix the dangerous zero-day CVE-2022-22620 vulnerability. While Apple does not disclose vulnerabilities until after they have completed their research and most users have patches in place, they recommend updating devices as soon as possible. Meanwhile, CISA have ordered federal agencies to… Continue reading How to fix the zero day CVE-2022-22620 vulnerability
As 2019 draws to a close, we want to look back at the year’s biggest security breaches. Some we chose because of the damage they caused, others because of how easily they could have been avoided, just by using stronger passwords or paying attention to warnings. Even the more complex ones could have been prevented… Continue reading Looking Back at 2019’s Nastiest Software Vulnerabilities
With the end of the year, it’s prime time to reflect on vulnerability trends since the start of the decade.