This isn’t the first time, and certainly won’t be the last, that third-party patches are made available. In fact, in response to a growing number of zero-day vulnerabilities last year, a number of third-party patches were published, including ones for the Microsoft Windows Meta File (WMF) and Internet Explorer CreateTextRange vulnerabilities.
Third-party patches are likely to continue to gain steam as the number of zero-day vulnerabilities continues to increase. Security researchers, eager to devise a solution to a present threat, will continue to rapidly develop and deploy patches on their own. While it shows impatience with the amount of time it takes software vendors to develop patches, it also sheds light on an unfortunate situation: responsible disclosure currently isn’t working.
This all began years ago, when it was common for software companies to ignore the security warnings from independent researchers about the security holes they uncovered in commercial software. The researchers, frustrated that the vulnerability went unfixed, used full public disclosure as a way to force vendors to take action. But, in many ways, this increased the risk to systems, as there is always an inherent security risk when too much information about a vulnerability is made public before the patch is issued.