Threatpost Poll: Are Published PoC Exploits a Good or Bad Idea?

public poc exploits security poll

Are publicly released proof-of-concept exploits more helpful for system defenders — or bad actors?

The practice of disclosing proof-of-concept (PoC) exploits has long caused a debate in the security community. As the name suggests, these outline steps used to exploit a vulnerability in a system to show how it can be done — and are used to test networks and pinpoint vulnerable aspects of a system. But publicly released PoCs also make it easier for criminals to exploit vulnerabilities before they are patched.

Just this past week, a slew of PoC exploits were published for various vulnerabilities, including ones for a recently patched crypto-spoofing vulnerability found by the National Security Agency (NSA) and reported to Microsoft; and for critical flaws impacting the Cisco Data Center Network Manager tool for managing network platforms and switches.

Other PoC code was recently released for an unpatched remote-code-execution vulnerability in the Citrix Application Delivery Controller (ADC) and Citrix Gateway products. And, there was a PoC that “fully and practically” breaks the Secure Hash Algorithm 1 (SHA-1) code-signing encryption.

Are PoC exploit releases good or bad? Does it depend on the context? Do they make us safer? You can weigh in below with our Threatpost poll.













Concerned about mobile security? Check out our free Threatpost webinar, Top 8 Best Practices for Mobile App Security, on Jan. 22 at 2 p.m. ET. Poorly secured apps can lead to malware, data breaches and legal/regulatory trouble. Join our experts from Secureworks and White Ops to discuss the secrets of building a secure mobile strategy, one app at a time. Click here to register.

Suggested articles

What the New OWASP Top 10 Changes Mean to You?

The OWASP top 10 list of critical security risks will have a big impact on how businesses address application security moving forward. The changes to the list will require businesses to reevaluate their application security posture holistically. Learn more about the most significant changes that have emerged and how businesses can address them.

API Shadow

Bring Your APIs Out of the Shadows to Protect Your Business

APIs are immensely more complex to secure. Shadow APIs—those unknown or forgotten API endpoints that escape the attention and protection of IT¬—present a real risk to your business. Learn how to identify shadow APIs and take control of them before attackers do.