Archive for the ‘Free Software’ Category

Software vendors should respond to actively attacked vulnerabilities within seven days, Google says

Google threw the gauntlet down before the software industry to clean up its mistakes faster than has been done in the past.

Critical vulnerabilities in software programs that are being actively exploited by hackers should be made public seven days after a software vendor is made aware of the flaw by whoever discovered it, the company advocated in a blog post published Wednesday by Google security engineers Chris Evans and Drew Hintz.

Seven days is an aggressive timeline and may be too short for some vendors to update their products, but it should be enough time to publish advice about possible mitigations, such as temporarily disabling a service, restricting access, or contacting the vendor for more information, the pair wrote.

For flaws not being actively exploited by online marauders, Google continues to support giving software vendors 60 days to address a flaw before it is made public by its discoverer.

Actively exploited vulnerabilities, however, are special cases that need special attention, they argue.

The reason for this special designation is that each day an actively exploited vulnerability remains undisclosed to the public and unpatched, more computers will be compromised, they wrote.

Google's zeal for quick action may be a harsh solution that could do more harm than good, argued Trusteer Vice President Yishay Yovel.

"What Google is doing isn't going to accelerate the patching process," he told PCWorld. "In fact, it will notify the hacker community about yet another opportunity it will have to attack enterprises."

Pushing patches out in seven days won't speed up the process of mitigating the vulnerability because organizations will continue to be slow in installing the patches pushed to them. "What we're seeing in the marketplace is hackers targeting vulnerabilities that are two years old," Yovel said.

"That's because organizations often don't patch," he added. "They just don't get to it."


The Case For a Government Bug Bounty Program

Posted by Soulskill on Friday May 31, 2013 @04:31PM from the 40-cents-for-a-cockroach,-75-cents-for-a-bedbug dept.

Trailrunner7 writes "Bug bounty programs have been a boon for both researchers and the vendors who sponsor them. From the researcher's perspective, having a lucrative outlet for the work they put in finding vulnerabilities is an obvious win. Many researchers do this work on their own time, outside of their day jobs and with no promise of financial reward. The willingness of vendors such as Google, Facebook, PayPal, Barracuda, Mozilla and others to pay significant amounts of money to researchers who report vulnerabilities to them privately has given researchers both an incentive to find more vulnerabilities and a motivation to not go the full disclosure route. This set of circumstances could be an opportunity for the federal government to step in and create its own separate bug reward program to take up the slack. Certain government agencies already are buying vulnerabilities and exploits for offensive operations. But the opportunity here is for an organization such as US-CERT, a unit of the Department of Homeland Security, to offer reasonably significant rewards for vulnerability information to be used for defensive purposes. There are a large number of software vendors who don't pay for vulnerabilities, and many of them produce applications that are critical to the operation of utilities, financial systems and government networks. DHS has a massive budget, a $39 billion request for fiscal 2014, and a tiny portion of that allocated to buy bugs from researchers could have a significant effect on the security of the nation's networks. Once the government buys the vulnerability information, it could then work with the affected vendors on fixes, mitigations and notifications for customers before details are released."


Open source mentoring scheme to select talented developers

Thiruvananthapuram, May 31:

The International Centre for Free and Open Source Software here has launched a joint mentoring programme with the Apache Software Foundation, a leading producer of free and open source software.

The programme seeks to identify talented software developers from the State who would be mentored to participate in live projects of the foundation.

In open source software, the source code is made available and licensed in such a manner that the copyright holder provides the rights to study, change and distribute the software free to anyone and for any purpose.

Targeted at young developers with demonstrable programming skills, including students and fresh graduates, the mentoring programme will start off with a three-day bootcamp from June 17-19.

Luciano Resende, vice-president, community development at Apache Software Foundation, will spearhead the programme.

Basic and intermediate concepts in open source software development will be introduced here.

At the end, participants will identify a project of interest to them that is piloted by the foundation, and produce a software project proposal, which will be short-listed for mentoring by it.

During the 3-month project implementation phase, participants will interact with foundation volunteers who will help them and bring them up to speed in areas where they require support.

"The foundation has been participating in several mentoring initiatives around the world, and for the first time in India, is partnering in a pilot project here," said Luciano Resende.


Kaspersky Lab to Offer Free Security Protection on LinkedIn Safety Center

ABINGDON, England, May 31, 2013 /PRNewswire/ --

Kaspersky Lab is today announcing that it is offering free security protection software available on the LinkedIn Safety Centre, providing users with an easily accessible and secure way to protect themselves online. The LinkedIn Safety Centre is designed to provide LinkedIn's more than 225 million members with the tools and knowledge to protect their identity and data on the Internet. In support of the initiative, Kaspersky Lab is offering a free 90-day trial of Kaspersky Internet Security 2013 and Kaspersky Security for Mac as part of the Safety Center.

The amount of malicious activity on social networking sites has been dramatically increasing each year as cybercriminals identify new ways to infect users. According to Kaspersky Lab data, in the first half of 2012, 80 percent of all compromised computers were attacked while browsing the web. Additionally, in 2012, phishers' top targets were social networking sites (24.5 percent). To reflect this growing trend, Kaspersky Lab has expanded its efforts to increase online security through offer agreements with established social networking organisations, such as LinkedIn.

Steve Orenberg, President at Kaspersky Lab, North America commented, "As the threat landscape continues to target social networking users, Kaspersky Lab is making a concerted effort to integrate its research, security intelligence and technology solutions with established social networking organisations. By working with LinkedIn, Kaspersky Lab will be at the forefront to both educate and equip their users with the most secure internet security solutions."

For more information on the dangers of social networking and how users can protect themselves, please visit Kaspersky Lab's Dangers While Social Networking Infographic.

ENDS

About Kaspersky Lab

Kaspersky Lab is the world's largest privately held vendor of endpoint protection solutions. The company is ranked among the world's top four vendors of security solutions for endpoint users*. Throughout its 15-year history Kaspersky Lab has remained an innovator in IT security and provides effective digital security solutions for consumers, SMBs and enterprises. The company currently operates in almost 200 countries and territories across the globe, providing protection for over 300 million users worldwide. Learn more at http://www.kaspersky.co.uk.

* The company was rated fourth in the IDC rating Worldwide Endpoint Security Revenue by Vendor, 2011. The rating was published in the IDC report "Worldwide Endpoint Security 2012-2016 Forecast and 2011 Vendor Shares" (IDC #235930, July 2012). The report ranked software vendors according to earnings from sales of endpoint security solutions in 2011.


Cruiseguide 2011 $9 Product, 50% Commission! Free Software Download – Video


Cruiseguide 2011 $9 Product, 50% Commission! For more information! at http://tinyurl.com/cn7xcgy.

By: Zoumrn Katexo
