A researcher has revealed a zero-day vulnerability in FireEye and says there are three other vulnerabilities, all of which are for sale. Ken Westin, Security Analyst for Tripwire, commented on the zero-day vulnerability in FireEye’s core product, which, if exploited, results in unauthorized file disclosure.
Ken Westin, Security Analyst for Tripwire:
“Security researchers are increasingly targeting security software vulnerabilities for a number of reasons. Some security researchers are looking for vulnerabilities in open source and commonly used libraries and tools to help make them more secure. Other security researchers are more profit driven, looking for bug bounties from software vendors, or some other form of payout from software vendors when they identify vulnerabilities. This can put software vendors in a precarious situation, as they may wish to ensure their software is secure, however do not want to be held at ransom, or have vulnerabilities in their products sold to zero day brokers. Many software vendors provide a process for security researchers to reach out through the responsible disclosure process and as an incentive they provide bounties and other benefits. However, it can be a challenge to identify which vulnerabilities are serious and pose actual threats to their customers. It also takes time and resources to investigate vulnerability claims.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.