Sloppy Software Patches Are a ‘Disturbing Trend’

by Staff Writer
October 5, 2022
in Apps And Softwares, Articles

The whole purpose of vulnerability disclosure is to notify software developers about flaws in their code so they can create fixes, or patches, and improve the security of their products. But after 17 years and more than 10,000 vulnerability disclosures, the Zero Day Initiative is calling out a “disturbing trend” at the Black Hat security conference in Las Vegas today and announcing a plan to apply some counter pressure.

ZDI, which has been owned by the security firm Trend Micro since 2015, is a program that buys vulnerability findings from researchers and handles disclosure to vendors. In exchange, Trend Micro, which makes an antivirus tool and other defense products, gets a wealth of information and telemetry that it can use to track research and hopefully protect its customers. The group estimates that it has handled roughly 1,700 disclosures so far this year. But ZDI warns that, from its bird’s eye view, it found that the quality of vendor patches overall has been slipping in recent years. 

More and more often, the group buys a bug from a researcher, it gets patched, and then soon after ZDI is buying another report about how to bypass the patch, sometimes with multiple rounds of patching and circumvention. ZDI also says that it has noticed a worrying trend of companies disclosing less specific information about vulnerabilities in their public security alerts, making it more difficult for users around the world to assess how serious a vulnerability is and formulate patch prioritization—a real concern for big institutions and critical infrastructure.

“Over the last few years, we’ve really noticed that the quality of security patches has noticeably declined,” says ZDI member Dustin Childs. “There’s no accountability for having incomplete or faulty patches.”

ZDI researchers say that bad patches happen for a variety of reasons. Figuring out how to fix software flaws can be a nuanced and delicate process, and sometimes companies lack the expertise or haven’t made the investment to generate elegant solutions to these important problems. Organizations may be rushing to close bug reports and clear their slate and they may not take the necessary time to conduct “root cause” or “variant” analysis and assess underlying issues so deeper problems can be comprehensively fixed.

Regardless of the reason, bad patches are a real concern. At the end of June, Google’s Project Zero bug hunting team found that at least half of the novel vulnerabilities it has tracked being exploited by attackers in the wild so far in 2022 are variants of previously patched flaws.

“A combination of things over time has led us to believe that we actually have a more serious problem than most people understand,” says Brian Gorenc, who runs ZDI. 

Like other organizations heavily involved in disclosure, notably including Project Zero, ZDI gives developers a deadline for how long they have to issue a patch before details about the vulnerability in question get published publicly. ZDI’s standard deadline is 120 days from disclosure. But in reaction to the epidemic of bad patches, the group is today announcing a new set of deadlines for bugs that have been previously patched. 

Depending on the severity of the flaw, how easy it is to bypass the patch, and how likely ZDI thinks it is that the vulnerability will be exploited by attackers, the group will now set deadlines of 30 days for critical flaws, 60 days for bugs where the existing patch provides some protection, and 90 days for all other cases. The move follows a tradition of using public disclosure as an important point of leverage—one of the few security proponents have—to spur necessary improvements in how developers handle high-stakes software flaws that potentially impact users around the world.

“The weaponization of failed patches in various vulnerabilities is absolutely being used in the wild right now,” ZDI’s Childs says. “It’s a real problem that has real consequences to the user and we’re trying to incentivize vendors to get it right the first time.”

Source by www.wired.com
