CVSS


Oracle Patches 88 Vulnerabilities, Including Some that Allow Remote Exploits Without Authentication

Oracle yesterday released 88 security fixes for vulnerabilities — including several that allow for remote access without authentication — across its portfolio as part of its quarterly Critical Patch Update.”Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible,” the company said in its CPU advisory.


From Educated Guesswork (Eric Rescorla)

The received wisdom in the security industry is that trying to qualitatively assess the security of a given piece of software is an incredibly difficult task. Some of the sharpest minds in software security–Gary McGraw, Brian Chess and Michael Howard among them–have spent years trying to nail down a framework for this task, with varying degrees of success. Not to worry, though. As Eric Rescorla writes, the government has now joined the fray with a proposal to develop standards for software security.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.