[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[EXT] CVE's for malware/backdoors

Please note I've already slipped a few in, e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000203

Also please read:

This type of attack will only become more common, it's the soft underbelly of OpenSource (dependancy chains a mile long, many of which are not actively maintained, or have someone who would happily hand over control to a trustworthy party). I think we need to officially include backdoors like this in scope, and also look at other malware types of activity (e.g. the stealing of data, is that not an exposure?). 

Kurt Seifried

Page Last Updated or Reviewed: January 07, 2019