[Dailydave] A really bad month for Novell
David Endler
dendler at tippingpoint.com
Fri Dec 1 08:14:44 EST 2006
> from: http://www.zerodayinitiative.com/advisories/ZDI-06-043.html
> 2005.07.07 - Digital Vaccine released to TippingPoint customers
> 2006.10.02 - Vulnerability reported to vendor
I can understand the confusion. TippingPoint already protected its
customers against this vulnerability with a preexisting security filter
released in 2005. This particular Zero Day Initiative vulnerability was
purchased by us shortly before we disclosed it to the vendor in 2006.
Unfortunately the purchase/acquisition dates are not included in the
disclosure timelines, which led to the confusion here. On average, it
may take the ZDI team several days or sometimes a couple of weeks to
validate a vulnerability depending on how much work the security
researcher has done up front, if other vulnerabilities shake loose as a
result of the particular find, and how many other issues are in their
queue.
-dave
p.s. To quell the conspiracy theorists, we didn't actually launch the
Zero Day Initiative until August 2005. http://zdi.3com.com/faq.html