
Clickjacking flaw discussion moratorium

Fortify: 24 September, 2008 (Technical Article)

Crackers' discussion of Adobe Clickjacking problem suspended to allow time for vendor response

Fortify Software says that an informal agreement by the software cracking community to temporarily cease open discussion of the Adobe Clickjacking flaw is a positive move for the IT security industry.

'All responsible security research organisations - ourselves included - will always give the vendor time to respond before discussing the issue, so it's good to see the cracker community holding off,' said Brian Chess, Fortify's founder and chief scientist.

'Two well-known security researchers - Robert Hansen and Jeremiah Grossman - were also scheduled to give a talk on the problem at the Open Web Application Security Project in New York later this month, but it's also good to hear that they have shelved their plans pending Adobe releasing its security patches in the interim,' he added.

According to Chess, whilst security research companies - including Fortify Software - will continue their constant work on better protecting software users against all the vagaries of application flaws and allied security issues, it is important that the industry works together in a coherent fashion when it comes to minimising the overall risk.

There is, he said, no point in prematurely releasing details of a flaw when the vendor concerned is known to be working on a patch.

'The only exception to the rule is where the potential fallout from the flaw is so great - with hackers already aware of the problem and clearly exploiting it - that it will benefit the industry by publicising the problem and helping everyone to immediately counter the issue,' he said.
   © 2012 ProSecurityZone.com