Bugtraq

Bugtraq is an electronic mailing list dedicated to issues about computer security. On-topic issues are new discussions about vulnerabilities, vendor security-related announcements, methods of exploitation, and how to fix them. It is a high-volume mailing list, and almost all new vulnerabilities are discussed there.

Bugtraq was created on November 5, 1993 by [http://www.zoominfo.com/directory/Chasin_Scott_697360.htm# Scott Chasin] in response to the perceived failings of the existing Internet security infrastructure of the time, particularly CERT. Bugtraq's policy was to publish vulnerabilities, regardless of vendor response, as part of the full disclosure movement of vulnerability disclosure.

Elias Levy, also known as Aleph One, noted in an interview that "the environment at that time was such that vendors weren't making any patches. So the focus was on how to fix software that companies weren't fixing."

The mailing list was unmoderated originally, but the signal-to-noise ratio eventually became unacceptably bad. Moderation began on June 5, 1995. Elias Levy moderated the list from June 14, 1996 until he stepped down on October 15, 2001. David Mirza Ahmad, one of the many co-authors of [http://www.oreilly.com/catalog/1928994709/ Hack Proofing Your Network, Second Edition], took over from Levy and continued until he stepped down on February 23, 2006. [http://www.securityfocus.com/archive/1/425940/30/1860/threaded SecurityFocus] David McKinney, a [http://www.symantec.com/Products/enterprise?c=prodinfo&refId=988&cid=1017 DeepSight threat analyst] at Symantec, took over from Ahmad and is the current moderator. [http://www.securityfocus.com/archive/1/425940/30/1860/threaded SecurityFocus]

Bugtraq was originally hosted at Crimelab.com. It was moved to the Brown University NetSpace Project — which has since been reorganized as the [http://www.netspace.org/ NetSpace Foundation] — on June 5, 1995, the same day that its moderation began. In July 1999 it became the property of SecurityFocus and was moved there. SecurityFocus was acquired in full by Symantec on August 6, 2002. [http://www.symantec.com/press/2002/n020806.html Symantec Acquisition of SecurityFocus Completed]

External links

* [http://www.securityfocus.com/archive SecurityFocus - Mailing Lists] (Bugtraq is the first mailing list under the Most Popular heading)
* [http://archive.salon.com/tech/feature/2001/08/29/west/index.html Salon - Technology & Business - How do you fix a leaky Net?] (includes mention of Bugtraq)
* [http://www.spirit.com/Network/net0800.html#section-1.1. Spirit - Network Defense - Full Disclosure, or Tales to embarrass Vendors ~ The Good Old Days] (a history of the CERT Advisory CA-93:15 fiasco)


Wikimedia Foundation. 2010.
