Roughly 100 days after the Binary Planting (a.k.a. DLL hijacking, DLL preloading, Insecure Library Loading) vulnerability has been (re)discovered in hundreds of Windows applications (and likely undiscovered in thousands more), we've taken a unique opportunity to compare software vendors' fixing of publicly known vulnerabilities to their fixing of publicly unknown ones. We hope our short study will provide the research community with a bit of insight into the elusive world of "unknown unknowns" that is *actual* security.
http://blog.acrossecurity.com/2010/11/unbearable-lightness-of-non-fixing.html Pleasant reading, Mitja Kolsek CEO&CTO ACROS, d.o.o. Makedonska ulica 113 SI - 2000 Maribor, Slovenia tel: +386 2 3000 280 fax: +386 2 3000 282 web: http://www.acrossecurity.com ACROS Security: Finding Your Digital Vulnerabilities Before Others Do
