
What if we gave non-technical security issues vulnerability logos and names?

What could do more damage to your business: CVE-2017-8759 or Epic Banana? CVE-2017-0262 or Extra Bacon?

Funny exploit names are all the rage: This year we’ve had WannaCry (powered by EternalBlue), NotPetya, Krack, and Pork Explosion. In years gone by we’ve had Heartbleed, StageFright, Shellshock, Dirty Cow, Poodle, and Freak. Many come with a nice logo so media outlets don’t have to use those terrible stock photos of hacking (even cyber criminals ‘get’ branding these days).

But there have also been hundreds, if not thousands, of other vulnerabilities, exploits, and problems, most of which probably didn’t come with fun names or logos, just technical names. While the fun ones grab the attention, are they all equally bad?

“It’s actually driving the wrong behaviour, because when we see these vulnerabilities come up suddenly it drives a knee-jerk, ‘go patch all the things’ reaction,” Gavin Millard, Technical Director at Tenable Security, told IDG Connect last year.

His argument is that the addition of a logo and catchy name masks the seriousness of the vulnerability: where Heartbleed and Shellshock were very dangerous, Freak and Poodle weren’t as bad, something that is impossible to tell without the right background knowledge, yet all create similar levels of ‘Are we adequately protected?’ hysteria.

Dan Swinhoe

Dan is a journalist at CSO Online. Previously he was Senior Staff Writer at IDG Connect.
