My thinking is we could use something like OpenSecurity to track vulnerabilities, and when it’s clear there’s a clanger or exploitation in the wild, we send out a wider notification. Because thousands of new CVEs a month is problematic to prioritise.
-
My thoughts: STIX/TAXII or MISP feeds would be appreciated. I don't see a lot of public ones.
-
I think that’s too complex for most orgs. I’m thinking email.
-
The problem that I see is that, while any one org may only have 3 or 4 realistically exploitable boundary vulnerabilities a year... each org is different, and making sure to cover enough variations would result in more emails than that.
-
I just wouldn’t cater for niches.
-
Good idea but I'd rather know about them as soon as that information is available.
-
Subscribe to CVE database and get 100 emails a day
-
How would you know what is realistically exploitable for my env?
-
If you run Citrix Gateway or Pulse VPN or Fortigate SSL VPN or SharePoint, I can tell you what is realistically exploitable

-
Key question for any automated assessment, whether it's for accessibility, security, or performance: is the realistic user for this service capable of fixing the issues themselves? If not, it's not useful IMO. But sign me up lol.
-
I mean, it would be an email; if people can fix stuff is up to them.