Here’s some good news for those of you who like all these “month-of” flaw disclosure projects: There’s a new one that focuses on ActiveX vulnerabilities.
Of course, this is bad news for those who believe such projects do nothing but generate publicity for researchers and lead to more attacks.
On the Month of ActiveX Bugs (MoAxB) Web site, a researcher using the name “shinnai” says most of the flaws to be unveiled will be denial-of-service issues that can cause the running application and/or Windows to crash. The researcher says the goal is to make people more aware of the risks in ActiveX controls.
This latest project comes on the heels of such previous events as the Month of Apple Bugs, Month of Kernel Bugs and Month of Browser Bugs.
Advocates of such projects say they raise awareness of threats and force vendors to take them more seriously. Opponents say the projects are more about publicity for the researcher than about better security.