Yahoo: Security team will reveal vulnerabilities 90 days after finding them

Its security team Yahoo said any vulnerability discovered in penetration testing would be revealed to the public after a period of 90 days.Yahoo-Security-Team-to-Reveal-Vulnerabilities-90-Days-After-Finding-Them

One of the team's responsibilities is to evaluate the security level of the software written by Yahoo by testing the code from third parties and integrated into the service provided by the company.

The group calls itself the Yahoo Paranoids, and, led by Chris Rohlf, attacks infrastructure to find new vulnerabilities that can be exploited.

"This process helps us uncover vulnerabilities, not only in software that Yahoo has written, but in (open source) and commercial the ones we use on our network,” Mr. Rohlf wrote Tuesday in one message to Tumblr.

Η της νέας ομάδας είναι όταν αποκαλύπτουν άγνωστα τρωτά σημεία του κώδικα (γνωστά και ως   zero-day ) αυτές να διορθώνονται άμεσα από τους εμπειρογνώμονες, οι οποίοι όμως ταυτόχρονα θα ενημερώνουν και τους άλλους φορείς που μπορούν να επηρεάζονται από το καθώς και το US-CERT ( Emergency Readiness Team).

Although 90 days may seem like a short time for the code developer to fix a problem, a longer time frame will increase the risk to users, giving cybercriminals a chance to find fault with themselves. and take advantage of it.

However, Mr Rohlf said: "We reserve the right to extend or shorten this timetable based on circumstances such as already exploitable vulnerabilities or the existence of known threats."

Cybercriminals are usually successful because they are constantly on the lookout for zero-day vulnerabilities that, until they are found out, they will have violated the victim or victims. Yahoo considers that it is taking a new dynamic stance against this practice which covers in addition to its own codes and the codes of the third parties it cooperates with.

Publishing vulnerability after 90 days depends on many factors, including the difficulty in dealing with the defect, which may sometimes take longer to release a patch. However, if there has been little or no progress since the discovery of the vulnerability, Yahoo reserves the right to notify it in order to force companies to take immediate defensive action or to prepare a patch.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.

Written by Dimitris

Dimitris hates on Mondays .....

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).