Microsoft’s vulnerability Severity Rating System is closing in on its tenth birthday. While the security landscape has been transformed during that time, the Ratings have endured. But do they still work? Threatpost asked prominent vulnerability researchers to give us their opinion. You may be surprised at what they had to say.  

By Jeremiah Grossman, CTO, WhiteHat Security

Everyone sounded the alarms at the Gawker Media attack, which included a security breach of websites such as Gizmodo, Lifehacker, Kotaku, io9, and others. The numbers were impressive: 1.3 million user accounts exposed, 405 megabytes of source code lost, and perhaps more important to some, the identity of those leaving anonymous comments potentially revealed. For Gawker, there is a loss of trust that will be difficult to regain. Users are already clamoring for the ability to delete their accounts. And, on the technical side, all Gawker’s systems will need to be painstakingly audited or rebuilt entirely from scratch to prevent the same thing from happening again. Happy Holidays indeed.

Microsoft released its monthly Patch Tuesday bulletins fixing more than 40 vulnerabilities in a variety of products including Microsoft Windows, Internet Explorer and SharePoint Server. The release, the company’s final monthly patch of 2010, brings the total number of security fixes to 106 – the highest total ever for the company.

Security experts will tell you that one year is a lifetime in the world of online threats and attacks. But eight years after Microsoft introduced its innovative severity rating system for software vulnerabilities, the company says its original definitions of what makes a software hole important still apply. Security experts aren’t so sure.

As attackers have focused more and more of their energies on exploiting bugs in Web applications, and specifically memory-corruption vulnerabilities, researchers have followed along, trying to find new ways to protect users from these attacks. One of the newer entrants in this field is a tool called HeapLocker, designed to prevent heap-spray attacks.

The New York Times reported that Julian Assange, founder, spokesperson, and editor-in-chief of Wikileaks, has been granted bail by a British court.

The ruling comes as Assange and his attorneys continue to fight demands from Swedish prosecutors that he be extradited to Sweden. Assange remains in detention pending an appeal by the prosecution, which is set to take place within the next 48 hours.
