Security vendor Eeye has launched a website where the company is publishing
an overview of unpatched or so-called 0-day software vulnerabilities that
attackers are actively exploiting.
The company feels that publication of the information is needed now that
attackers are increasingly expanding their focus beyond Microsoft software,
making it harder for organizations and individuals to remain up to date about
the latest security threats.
"This allows people to understand what 0-day exploits are out there," Marc
Maiffret, Eeye's chief technology officer, told vnunet.com. "Part of it is
also that we want to put pressure on vendors so they patch the 0-days."
Even if a vendor hasn't yet made a patch available for a vulnerability, users
can often protect themselves by using workarounds, he added.
The website currently lists seven security holes that attackers are
targeting. Except for one vulnerability in Adobe ActiveX, all the listed flaws
affect Microsoft applications.
The data on the website is gathered from security mailing lists and public
forums that are frequented by security researchers.
Roger Thompson, chief technology officer with Exploit Prevention Labs,
another security vendor, applauded the initiative.
"There are over 300 vulnerabilities that get revealed every month. Only one
of them is typically [exploited]. It's easy to lose track of the ones that are
being used and which aren't," Thompson told vnunet.com.
But the website could also increase the exposure of unpatched
vulnerabilities, effectively creating a one-stop-shop for so-called
script-kiddies and other unsophisticated malware authors.