Industry timescale trends for fixing vulnerabilities

From: club...@remove_me.eisner.decus.org-Earth.UFP (Simon Clubley)
Newsgroups: comp.os.vms
Subject: Industry timescale trends for fixing vulnerabilities
Date: Mon, 14 Feb 2022 18:56:07 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 30
Message-ID: <sue8k6$vuv$1@dont-email.me>
User-Agent: slrn/0.9.8.1 (VMS/Multinet)

An interesting report from Google Project Zero shows that the
industry is moving towards quicker response times when fixing
vulnerabilities (and deploying the fixes).

It is taking an average of 52 days to go through the fixing process
and the Linux security people are way out front with an average fix
time of just 25 days.

The report itself is here:

https://googleprojectzero.blogspot.com/2022/02/a-walk-through-project-zero-metrics.html

and the Register's summary is here:

https://www.theregister.com/2022/02/14/in_brief_security/

This is directly applicable to VSI as this is the world they are
now working in, and these are the kind of timescales in which
vulnerabilities are now expected to be fixed (and in which even
reports about possible security issues in general are examined).

BTW, Google allow a vendor a maximum of 90 days to fix the issue,
along with an additional grace period of 14 days, before they disclose
the vulnerability details.

Simon.

--
Simon Clubley, clubley@remove_me.eisner.decus.org-Earth.UFP
Walking destinations on a map are further away than they appear.
