Link to us: http://sn.im/googlebugs
On the first half year of 2010, Google said that a recent report claims that it does not patch one of the serious mistake in its one-third of the Google software error fact.
IBM's X-Force security force, acknowledged the error and has the issued revised chart showing the Google patch vulnerabilities as "high" or "critical" and it is on online services.
At Google, Adam Mein- a security program manager, was asked the question: " Is the weakness on the Google response to record and the number of surprising discoveries. Adam Mein has a discussions with IBM and they found many mistakes. So that two significant revelation as the conclusion of the report.
From the X-Force report, 9% of the Google error revealed that the first 2010 is unpatched and another 33% of the vulnerabilities were classified as high or critical and cannot fixed in the first half year of 2010.
Under the revised table from IBM, Google release all the patch is to fix the vulnerability on the first six month 2010.
When they released their trend report. Tom Cross and the X-Force researchers said that they get many feedback from the two software, the remedy information and the vendors regarding the severity for some of the vulnerabilites behind the Google. And because of the feedback, their manually re-evaluate their remedy information, CVSS score and suppliers vulnebility affects each chart of the percentage of Google.
Sun Microsystems, the number has changed dramatically, although the Cross is not the name of the other vendors about the result complained about the repair of Google. If the original table has the Sun letting 9% of the most serious flaw and 24% of Google bugs is not fixed. Re-calculated the figure were 8% and 0%, respectively.
This year in April, Oracle announced plans to acquire Sun for 7.4 billion. X-Force listed two companies were vulnerability separately.
When the X-Force re-examinated the date, the percentage of the unpatched decreased for other vendors, including the Microsoft and Mozilla, as catch all unpatched percentage of Linux category.
Adam Mein said that X-Force assertion that one in three critical vulnerability not yet patched or fixed.
After the investigation, they learned that 33% of the number refers to an unpatched vulnerability out a total of three.. As an important lesson, a project was considered the only unpatched security vulnerability is due to a mistaken terminology mix-up said by Adam Mein.
X-Force's also has it weaknesses counting and calculated the number of problems. In the report, the company admits, which uses the method of preparation of the 2009 version has flaws, saying that it has solved the problems. The results will be more accurately report on the mid 2010.
Cross said that the X-Force would release a revised report on this week.
source :
Gregg Keizer, computer world ,[online], 31 August 2010
http://www.computerworld.com/s/article/9182818/Google_disputes_bug_patching_report?taxonomyId=85
0 comments:
Post a Comment