A Digital Age Deserves A Digital Leader

Technology, Support, and News Forum 

Red Hat Spearheads Vulnerability Initiative

Post a reply

Red Hat Spearheads Vulnerability Initiative

Postby rippinchikkin » Fri Sep 08, 2006 4:36 pm

<img src="http://parcom.pro-networks.org/PROneT-News/redhat.gif" align="right" alt="Red Hat spearheads vulnerability initiative">Red Hat spearheads vulnerability initiative
By Tom Espiner
September 07, 2006, 18:30 BST

The open source software company has proposed an initiative to let customers know when they are affected by vulnerabilities, and also when they are not. Open source software vendor Red Hat has announced a new initiative, implemented by the National Institute of Standards and Technology (NIST), that enables members of the software industry to officially and publicly comment on vulnerabilities that may affect their software.

This service was implemented on Thursday within the National Vulnerability Database (NVD) at NIST, which holds US government vulnerability information. It will enable vendors selling different distributions of the same software to notify people in real time whether or not the software is vulnerable to exploits. Mark Cox, the security response team director for Red Hat, came up with the idea after a miscalculation which allows inappropriate access to memory in Apache was disclosed on 21 August.

Other Linux distributors issued advisories for their versions of Apache, but Red Hat did not, as their version of the software was not vulnerable. However, Cox was quizzed by customers wondering why Red Hat had not issued an advisory. Red Hat approached NIST with the idea of using the NVD to create an official vendor statement service, based on the Common Vulnerabilities and Exposures (CVE) naming standard.

Unlike other services which promote vulnerabilities, this new scheme will also inform people if they are safe from a particular flaw. "Open source software companies are great at telling their customers about issues, but we're not so good at telling people when they're not affected," Cox told ZDNet UK. "We wrote up a proposal for NIST, and they thought it was a great idea," Cox added.

<img src="http://www.pro-networks.org/forum/images/smiles/source.jpg"> ZDNET News
<img src="http://www.pro-networks.org/forum/images/smiles/view.jpg" border="0"> <a href="http://news.zdnet.co.uk/internet/0,39020369,39282879,00.htm" target="_blank"> complete article</a>
rippinchikkin
VP - Syndication
User avatar
Posts: 15191
Joined: Fri Mar 19, 2004 1:38 am
Location: 32°28′05″N 93°46′16″W
Top
Post a reply

Return to Other Operating Systems

Who is online

Users browsing this forum: No registered users and 2 guests

Board index
Delete all board cookies
cron
cron