Russian Researcher Sets Vulnerabilities Free

Intevydis, a previously little-known Russian security firm, is making a name for itself by releasing details of unpatched zero day exploits at the rate of one a day for the rest of this month.

Keith Ferrell, Contributor

January 13, 2010

1 Min Read
Dark Reading logo in a gray background | Dark Reading

Intevydis, a previously little-known Russian security firm, is making a name for itself by releasing details of unpatched zero day exploits at the rate of one a day for the rest of this month.While the Intevydis hole-a-day revelations are aimed, the firm says, at the inadequacies of "responsible disclosure" (keeping vulnerabilities generally quiet while giving the vulnerable software's manufacturers the chance to patch the hole), there's a lot of buzz about whether or not the Intevydis move is itself irresponsible zero-day exploit disclosure.

Irresponsible -- or worse, some say.

No surprise there -- this sort of thing comes up from time-to-time, and the back-and-forth about its ethics (or lack thereof)comes up right along with it.

That's one that won't be solved, certainly not any time soon.

But any time soon applies to patching the bugs as well: Some of the holes Intevydis is revealing have been around for years. They don't get patched for a variety of reasons, but one that we've all heard is that a particular vulnerability is "low priority."

Maybe so -- for the software maker. How low the priority for the exploiters, though, is a question, at least one of them, that the Intevydis revelations may begin to answer.

The Intevydis blog discussing the month of bugs is here.

Read more about:

2010

About the Author

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights