Welcome to TechNet Blogs Sign in | Join | Help

Browse by Tags

All Tags » Commentary   (RSS)

Exploitability Index - More Information for Customers

Yesterday at Black Hat 2008, along with some other stuff , we announced that we will be adding some new information to Security Bulletins - an "Exploitability Index" for each of the vulnerabilities addressed by the bulletin. Based upon talking with Microsoft Read More...
Posted Wednesday, August 06, 2008 5:20 PM by jrjones | 3 Comments

RSA Crypto Panel: Martin Hellman on 0.01% Events

In the past, I haven't always stayed to hear the Crypto panel, but based upon the excellent one this year, I'll definitely include it in my plans going forward. If you want to hear an overview of what they all said, I can recommend Robert Vamosi's story Read More...
Posted Thursday, April 10, 2008 1:04 AM by jrjones | 0 Comments

Severity Rating Systems - Part 1

Read the full Part 1 on CSOonline . Recently, Red Hat has raised some objections to my use in analysis of the High, Medium and Low severity ratings as determined by the National Institute of Standards (NIST) for the National Vulnerability Database (NVD) Read More...
Posted Friday, November 02, 2007 10:32 PM by jrjones | 0 Comments

Red Hat Enterprise Linux 4 Passes 1000 Vulnerabilities

A few weeks after my July OS Vulnerability Scorecard posting, I was amused to see a posting about it on truthhhappens.redhatmagazine.com (click to see the post). I can't even do it justice by paraphrasing, so here is the text: A Microsoft vulnerability Read More...
Posted Tuesday, October 16, 2007 6:23 PM by jrjones | 5 Comments

What if We Had Vuln-Free Software?

I was in a meeting with a large group of security professional today talking about SDL, reducing vulnerabilities, metrics, and so on - my normal topics - and we got into a really interesting discussion about which areas of focus can get the best practical Read More...
Posted Saturday, September 29, 2007 12:00 AM by jrjones | 1 Comments

Windows XP vs Windows Vista Security

So, a couple of days ago, I happened upon the tantalizing headline of Review: Vista, XP Users Equally At Peril To Viruses, Exploits. What!? As you can imagine, the headline sucked me in and I had to read it. Frankly, the article as well as the scientific Read More...
Posted Friday, June 01, 2007 10:21 PM by jrjones | 3 Comments

Windows Server codename "Longhorn" - Server Core Install

This past weekend I dug into an aspect of Windows Server codename "Longhorn" to personally check out something that I've been excited about for a while - a "server core" installation. Doing the Installation After burning myself a Beta3 disk, I fired it Read More...
Posted Tuesday, May 15, 2007 11:37 PM by jrjones | 1 Comments

Just for Fun: Covering My Coverage

Since published my Windows Vista - 90 Day Vulnerability Report , I have been reading a lot of the various commentary and generally, I take it with a grain of salt. Many of the comments indicate that the person didn't even read the report, which is fairly Read More...
Posted Friday, March 30, 2007 9:49 PM by jrjones | 0 Comments
 
Page view tracker