[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: assignments for malware

On Mon, 13 Aug 2018, Kurt Seifried wrote:

: A backdoor is a vulnerability. I think the problem is CVE in past 
dealt 
: with "oops we make a mistake" and not "oops, a malicious actor did it 
on 
: purpose".
: 
: Doesn't matter to the end user, well actually it does, backdoors are 
: worse because someone for sure knows about the vulnerability and most 
: likely intended to use it. So do these things need CVEs, tracking and 
: remediation for people affected by it? Yes.
: 
: I'm trying to imagine a scenario where a software or service user 
goes 
: "oh, this exploitable flaw is a backdoor, thus no CVE, thus we don't 
: need to remediate it" and uhh.. I can't imagine that, not even close.


Granted. But a malicious module that has a similar name as another 
isn't a 
backdoor.
Page Last Updated or Reviewed: August 13, 2018