[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[EXT] CVE's for malware/backdoors



Please note I've already slipped a few in, e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000203

Also please read:


This type of attack will only become more common, it's the soft underbelly of OpenSource (dependancy chains a mile long, many of which are not actively maintained, or have someone who would happily hand over control to a trustworthy party). I think we need to officially include backdoors like this in scope, and also look at other malware types of activity (e.g. the stealing of data, is that not an exposure?). 

--
Kurt Seifried
kurt@seifried.org

Page Last Updated or Reviewed: January 07, 2019