A visiting US security expert believes not all businesses should be alerted to computer security flaws and the hacking community should ease off and give vendors time to fix up the mess. Data from Internet Security Systems shows that computer exploits (taking advantage of flaws in systems and software), not viruses, are the bigger security threat these days. The number of exploits has increased rapidly to about 300 a month, whereas the number of viruses is declining equally fast. Rules of disclosure give vendors about 30 days to find a fix for a vulnerability before the wider public is alerted to the flaw. Alternatively, hackers sometimes expose the flaw first and cause mass panic. On a recent visit to Sydney, Oracle’s chief security officer, Mary Ann Davidson, expounded the theory of “responsible disclosure” and said hackers should give vendors time to fix flaws before revealing them to the world.