Fortify views Adobe crackers’ approach on Clickjacking as positive
by Storage Expo
Fortify Software, the application vulnerability specialist, says that an informal agreement by the software cracking community to temporarily cease open discussion of the Adobe Clickjacking flaw is a positive move for the IT security industry.
“All responsible security research organisations – ourselves included – will always give the vendor time to respond before discussing the issue, so it’s good to see the cracker community holding off,” said Brian Chess, Fortify’s founder and chief scientist.
“Two well-known security researchers – Robert Hansen and Jeremiah Grossman – were also scheduled to give a talk on the problem at the Open Web Application Security Project in New York later this month, but it’s also good to hear that they have shelved their plans pending Adobe releasing its security patches in the interim,” he added.
According to Chess, whilst security research companies – including Fortify Software – will continue their constant work on better protecting software users against all the vagaries of application flaws and allied security issues, it is important that the industry works together in a coherent fashion when it comes to minimising the overall risk.
There is, he said, no point in prematurely releasing details of a flaw when the vendor concerned is known to be working on a patch.
“The only exception to the rule is where the potential fallout from the flaw is so great – with hackers already aware of the problem and clearly exploiting it – that it will benefit the industry by publicising the problem and helping everyone to immediately counter the issue,” he said.
