Saturday, 2 February 2013

Fix Advisories


Fix Advisories
Fix advisories warn of a vulnerability but do not necessarily contain
the actual exploit code for it. They usually advise the recipient
that an exploit exists for a certain vulnerability and provide details of
how to resolve the issue. These types of announcements are usually
made in conjunction with the software developer.


Full Disclosure Advisories
There are a number of full disclosure mailing lists available for public
subscription, the most well known of which is Bugtraq. In addition to
warning of a vulnerability in a product, these advisories often contain
details of how to exploit the vulnerability, either in the form of source
code or, in the case of HTTP vulnerabilities, exact details of what data
to send to port 80 on the vulnerable machine.
