Security Patch Management
- May 19, 2016
The ImageTragick bug raises questions over responsible disclosure, as the flaw in the ImageMagick image-processing library exposes millions of websites to remote code execution.
- May 17, 2016
Google Project Zero disclosed a Symantec vulnerability that can be exploited with zero interaction and was described as being as bad as it can possibly get.
- May 13, 2016
DHS US-CERT warns of a patched SAP Java vulnerability from 2010 that has enabled breaches at three dozen global enterprises due to configuration issues.
- May 10, 2016
Microsoft's May 2016 Patch Tuesday takes aim at an IE zero-day vulnerability, which experts say is the top priority, as well as a couple of server-side flaws to keep an eye on.
- May 06, 2016
Roundup: Customers, vendors both unaware of unpatched open source vulnerabilities in commercial software. Plus OpenSSL patches, warrantless wiretaps and more.
- April 21, 2016
Oracle patches 136 security flaws in various products, and a number of vulnerabilities were rated more critical because of a switch to CVSS 3.0.
- April 14, 2016
The much-hyped Badlock bug is still important to patch, but raised issues with celebrity vulnerability promotion and responsible disclosure of security vulnerabilities.
- April 12, 2016
Microsoft's April 2016 Patch Tuesday includes a patch for Badlock, a vulnerability which experts call "overhyped," but the most important patches may need extra care to apply.
- March 31, 2016
The serious Badlock vulnerability in Windows and Samba, announced three weeks prior to patches, triggers a debate over responsible disclosure of software flaws.
- March 16, 2016
A security researcher reports Oracle's 30-month-old failed patch for a Java vulnerability, and experts suggest it was an irresponsible disclosure, despite frustration with Oracle's patching process.
- March 09, 2016
Patching systems can be time-consuming and troublesome, so one expert suggests crowdsourced vulnerability patching to make the process faster and easier.
- March 08, 2016
Microsoft's March 2016 Patch Tuesday release has put Windows 10 security on display for good and bad, experts say.
- February 26, 2016
Roundup: Microsoft EMET is vulnerable to exploit; it's time to update to v5.5. Plus: Dell, IBM and Gemalto research reports claim cybercriminals are getting smarter, bigger and faster.
- February 09, 2016
Microsoft's February 2016 Patch Tuesday release goes after Adobe Flash vulnerabilities and more Windows Journal flaws.
- January 29, 2016
A new OpenSSL patch fixes a severe encryption flaw and strengthens the protocol against the Logjam vulnerability.