What if we gave non-technical security issues vulnerability logos and names?

What could do more damage to your business: CVE-2017-8759 or Epic Banana? CVE-2017-0262 or Extra Bacon?

Funny exploit names are all the rage: This year we’ve had WannaCry (powered by EternalBlue), NotPetya, Krack, and Pork Explosion. In years gone by we’ve had Heartbleed, StageFright, Shellshock, Dirty Cow, Poodle, and Freak. Many come with a nice logo so media outlets don’t have to those terrible stock photos of hacking (even cyber criminals ‘get’ branding these days).

But there’s also been hundreds, if not thousands, of other vulnerabilities, exploits, and problems, most of which probably didn’t come with fun names or logos, just technical names. While the fun ones grab the attention, are they all as equally bad?

“It’s actually driving the wrong behaviour, because when we see these vulnerabilities come up suddenly it drives a knee-jerk, ‘go patch all the things’ reaction,” Gavin Millard, Technical Director at Tenable Security, told IDG Connect last year.

His argument is that the addition of a logo and catchy name mask the seriousness of the vulnerability; where Heartbleed and Shellshock were very dangerous, Freak and Poodle weren’t as bad, something which is impossible to tell without the right background knowledge, yet all create similar levels of ‘Are we adequately protected?’ hysteria.

To continue reading...


« Why the retreat from the public cloud?


Why you need an effective IP exit strategy »
Dan Swinhoe

Dan is a journalist at CSO Online. Previously he was Senior Staff Writer at IDG Connect.

  • twt
  • twt
  • twt
  • Mail


Do you think your smartphone is making you a workaholic?