Wednesday, September 22, 2010

eEye Revives Free Zero-Day Vulnerability Tracker Site

Via DarkReading.com -

eEye Digital Security founder Marc Maiffret's recent return to the company was capped off today with the rerelease of an updated version of the security firm's freebie zero-day vulnerability disclosure and analysis service he once spearheaded.

The new Zero Day Tracker contains the latest zero-day vulnerabilities and analysis on each one -- including some being reported by eEye researchers -- and ways to mitigate and protect against attacks using these bugs. "We're trying to be more of a zero-day historian, if you will. We'll keep track of something we've seen or ZDI [or others] have done," Maiffret says. "This is a completely free public resource."

[...]

eEye will include unpatched bugs on the site, and the bugs it discloses won't include details on how to exploit them until a patch is released, he says.


--------------------------------------------------------------------------------------------

VUPEN has been running a similar service for quite some time.
http://www.vupen.com/english/zerodays/

Both vendors are attempting to sell a product (i.e. eEye Blink and VUPEN Vuln Intel Services), but used together they can provide a nice overview of the threat landscape for administrators who can't keep a constant eye on the wide range of OSINT sources.

VUPEN includes reference links (unlike eEye) but lacks some severity details of the vulnerability (which eEye includes). With the assigned CVEs from VUPEN, information can be cross-referenced with the National Vulnerability Database and Secunia, leading to even more threat intelligence.

With all combined information, it would be trivial for those interested to run over to The Exploit Database and find public exploits for vulnerabilities.
