Unpatched security holes: IBM re-evaluates - The Community's Center for Security


The central voice for Linux and Open Source security news

Welcome!

Sign up!

EnGarde Community

Polls

What is the most important Linux security technology?

	SELinux
	grsecurity
	CIS Benchmark
	Bastille Linux
	iptables
	LIDS

Advisories

Community

Linux Events

Linux User Groups

Link to Us

Security Center

Book Reviews

Security Dictionary

Security Tips

SELinux

White Papers

Featured Blogs

All About Linux

DanWalsh LiveJournal

Securitydistro

Latest Newsletters

Linux Security Week: May 14th, 2012

Linux Advisory Watch: May 10th, 2012

LinuxSecurity Newsletters

RSS Feeds

Get the LinuxSecurity news you want faster with RSS

Unpatched security holes: IBM re-evaluates

User Rating:

How can I rate this item?

Source: H Security - Posted by Alex

IBM's X-Force security team has updated the security report for the first half of 2010 it released last week after two vendors questioned the correctness of the team's evaluations. The controversy was sparked by a table containing the ten vendors who left the most security holes unpatched over a period of six months: Ranking in the top 10 for the first time, Google was originally said to have left 33% of its critical holes unpatched, which put the vendor in first place in this category.

However, according to Google's own research, the 33% result was caused by one of three critical holes – and even that only because the allegedly unpatched hole was classified incorrectly. Google said that a "stack buffer overflow" is only a "stack overflow" and can potentially be exploited to destabilise a system, but not usually to inject malicious code. This decreases Google's unpatched critical holes from 33% to 0%.

Read this full article at H Security