-
Wednesday, February 04, 2009
Common Vulnerabilities & Exposures (CVE) For The Rest Of Us
As of today, the Common Vulnerabilities and Exposures (CVE) database, hosted by Mitre Corporation (http://cve.mitre.org/) for the Department of Homeland Security (DHS), contains 34,542 entries. That may not seem like a large number, but any one of those entries can translate to multiple instances in the field. While the contents of this database are very important in the IT world to help security practitioners ply their trade, build rule sets, etc., there is a glaring lack of information on industrial control systems (ICS).
A search of the CVE database using “SCADA” or “DCS” or “PLC” as a search ...
Read full story
-
Thursday, June 26, 2008
Vulnerability Disclosure - What is the Right Answer?
While this story is getting a bit dated, the timing for my article now is intentional. As you may have seen recently, CORE Security released a cyber vulnerability notification for a problem found by one of it’s analysts in a CITECT product, http://www.coresecurity.com/?action=item&id=2186.
This leads us to question whether or not vulnerability disclosure is the right thing to do or not for the SCADA and process control industry. Of course this question comes up time and again for us here at Wurldtech as well. Hardly a day goes by that a vendor or asset owner asks us if we ...
Read full story