More than a month I drove 400 miles to Iasi to deliver a presentation on McAfee Vulnerability Management within a security roadshow which was put together in a terrible hurry by my employer.

The Common Vulnerability Scoring System (CVSS) provides an open framework for communicating the characteristics and impacts of IT vulnerabilities.

In adressing an IIS 5 bug (CVE-2007-2815), the Microsoft Knowledge Base article #328832 went a step further in presenting the conditions needed to reproduce the issue: they provided step by step instructions to what is basically an exploit of the vulnerability

In the pursuit of accurate statements about application security, Ory Segal took a new shot at Beehive, the last bulletin board which I considered bug free in 2006. Well it didn’t take him long to find not one, not two but three new Beehive XSS vulnerabilities . I have installed Beehive 0.71 and indeed the vulnerabilities are confirmed.