Information Security News mailing list archives
The branded bug: Meet the people who name vulnerabilities
From: InfoSec News <alerts () infosecnews org>
Date: Wed, 26 Nov 2014 09:10:07 +0000 (UTC)
http://www.zdnet.com/the-branded-bug-meet-the-people-who-name-vulnerabilities-7000036140/ By Violet Blue Zero Day ZDNet News November 25, 2014If the bug is dangerous enough, it gets a name. Heartbleed's branding changed the way we talk about security, but did giving a bug a logo make it frivolous... or is this the evolution of infosec?
Criminals, such as bank robbers, are often named because there are too many to keep track of. Just as killers and gangsters end up in history marked and defined by where they murdered (the "Trailside Killer") or having a characteristic ("Baby Face" Nelson), the same goes for critical bugs and zero days.
Stephen Ward, Senior Director at iSIGHT Partners (iSIGHT reported the "Sandworm" Microsoft zero-day), explained to ZDNet, "Researchers will often use unique characteristics discovered in malware or in command and control to give a team or a particular exploit a name. It helps to create an understanding and an ongoing reference point as malware variants surface or activities of a team continue."
He continued [...] -- Evident.io - Continuous Cloud Security for AWS. Identify and mitigate risks in 5 minutes or less. Sign up for a free trial @ https://evident.io/
Current thread:
- The branded bug: Meet the people who name vulnerabilities InfoSec News (Nov 26)