Critical awareness ? The problem of monitoring security vulnerabilities |
Security vulnerabilities are known problems that frequently affect operating systems, Internet servers and application programs from numerous vendors. The paper examines the scale of the problem, referencing advisory sources such as CERT/CC, BugTraq and CVE. Although it is relatively easy to obtain advisories, administrators can be overwhelmed by the volume of information ? not all of which is relevant. The paper proposes a generic vulnerability report format, which aims to provide a basis for administrators to filter and prioritise incoming information to suit their needs.
Furnell SM, Alayed A, Barlow I, Haskell-Dowland PS (Dowland PS)