Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

The branded bug: Meet the people who name vulnerabilities

From: InfoSec News <alerts () infosecnews org>
Date: Wed, 26 Nov 2014 09:10:07 +0000 (UTC)
http://www.zdnet.com/the-branded-bug-meet-the-people-who-name-vulnerabilities-7000036140/

By Violet Blue
Zero Day
ZDNet News
November 25, 2014
If the bug is dangerous enough, it gets a name. Heartbleed's branding changed the way we talk about security, but did giving a bug a logo make it frivolous... or is this the evolution of infosec?
Criminals, such as bank robbers, are often named because there are too many to keep track of. Just as killers and gangsters end up in history marked and defined by where they murdered (the "Trailside Killer") or having a characteristic ("Baby Face" Nelson), the same goes for critical bugs and zero days.
Stephen Ward, Senior Director at iSIGHT Partners (iSIGHT reported the "Sandworm" Microsoft zero-day), explained to ZDNet, "Researchers will often use unique characteristics discovered in malware or in command and control to give a team or a particular exploit a name. It helps to create an understanding and an ongoing reference point as malware variants surface or activities of a team continue." 

He continued

[...]



--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
Previous By Date Next
Previous By Thread Next

Current thread: