Blog Elements

Half Sized Blog Element (Single Author Style)

Half Sized Blog Element (Multi Author Style)

Ethical Vulnerability Disclosure

2010-06-29/0 Comments/in General Security/by admin

Taxonomy of Computer Security

2010-06-28/0 Comments/in General Security/by admin

Computer security is frequently associated with three core areas, which can be conveniently summarized by the acronym “CIA” standing for Confidentiality — Ensuring that information is not accessed by unauthorized persons; Integrity — Ensuring that information is not altered by unauthorized persons in a way that is not detectable by authorized users; Authentication — Ensuring that users are the persons they claim to be.

Ethical Vulnerability Disclosure

2010-06-29/0 Comments/in General Security/by admin

Taxonomy of Computer Security

2010-06-28/0 Comments/in General Security/by admin

Full Sized Blog Element (Big Preview Pic)

Ethical Vulnerability Disclosure

2010-06-29/0 Comments/in General Security/by admin

The debate on whether vulnerabilities should be disclosed to force a vendor to fix the problem in a reasonable period or kept covert until a fix has been implemented has been a big discussion in the Information Security field. Black Hats, White Hats and even Grey Hats have their opinions. I personally have disclosed a vulnerability I discovered to vendor and known others who have as well, too only witness slow responses to rectify the matter to no responses at all.

In an Enterprise IT Planet Staff.com article, one group feels immediate disclosure effects change at a brisker pace (WMF again) and encourages vendors to tighten up their development practices. While other point to the complexity of software today, where yesterday’s feature becomes today’s liability. They would say that out of respect for users, and the community at large, vendors should be given a chance to make things right.

What do you think?

Taxonomy of Computer Security

2010-06-28/0 Comments/in General Security/by admin

Additional areas that are often considered part of the taxonomy of computer security include:

Access control — Ensuring that users access only those resources and services that they are entitled to access and that qualified users are not denied access to services that they legitimately expect to receive

Nonrepudiation — Ensuring that the originators of messages cannot deny that they in fact sent the messages

Availability — Ensuring that a system is operational and functional at a given moment, usually provided through redundancy; loss of availability is often referred to as “denial-of-service”

Privacy — Ensuring that individuals maintain the right to control what information is collected about them, how it is used, who has used it, who maintains it, and what purpose it is used for