8/14/2023

Bugzilla online

Bugzilla, Mozilla’s free and popular bug tracking program, has just been updated to patch a number of security holes. One of them is not only interesting and important, but also ironic. In fact, if we are allowed to smile at security holes, this bug is wryly amusing.

Many Bugzilla implementations are publicly accessible on the internet, as a way of encouraging anyone who’s interested in helping out with bug fixing. Open and closed source projects alike use Bugzilla for just this purpose.

If you make it easy for your users to give you feedback about things that aren’t working properly, you can build an engaged online community and improve your software engineering at the same time. The idea is simple: register for an account, report your bug, track its progress…

…and perhaps you’ll feel enough pull from, and interest in, the community, to stay involved in the future.

Of course, if you do run a public-facing Bugzilla server, you might not want just anybody to see all the details of every bug currently reported in your software.

Projects run on so-called full disclosure principles might not mind, because full disclosure is all about everyone knowing everything all the time. That way, there are no more secrets, Marty, and so no reason to skip fixing a bug on the assumption that the Bad Guys don’t know about it yet.

But if your project follows responsible disclosure, where you give yourself a reasonable time to fix bugs such as security holes before you reveal to the world exactly how to exploit them, you will typically have bug details on record that aren’t yet globally visible. That’s because the bug report might include sufficient detail to act as a sort of proof-of-concept (PoC) that would allow a cybercriminal to exploit the vulnerability revealed in the bug report.

→ A vulnerability is a bug that could theoretically allow a crook to get unauthorised access to your computer or online service; an exploit is a working attack that puts a vulnerability into practical use. Weaponising a vulnerability to turn it into a working exploit is often very difficult and may require detailed information about the bug that causes the vulnerability.

For that reason, many Bugzilla implementations are configured so that insiders can see (and receive email notifications about) all the gory details of every bug and its progress through the system, but outsiders can’t.