In: Computer Science
Please DO NOT copy-paste from other sources. answer will be checked for plagiarism. Thank you!!!
Question: Using a Web
browser, visit securityfocuscom. What is Bugtraq, and how would it
be useful? What additional information is provided under the
Vulnerabilities tab?
Using a Web browser, visit certorg. What information is provided
there, and how would it be useful? What additional information is
provided at cert org/csirts/?
I gone through the articles and written a brief summarized answers for the questions. Please feel free to make any corrections if required.
Thank You
BugTraq : This is a mailing list where we can subscribe for newly detected threats and vulnerabilities and their solutions if proposed.
Exploits, fixes, future plans of computer security and any security breach related vulnerabilities can be posted to bugtraq.
All the bugtraq mailing lists are moderated and it has currently 31 mailing lists.
Verification of email is necessary for the bugtraq mailing list subscription.
Bugtraq is used to keep up with the vulnerabilities and experts trying to fix them. This is a good discussion forum or platform to post the new threats found and fix them.
Vulnerabilities :
This tab contains the information of all the vulnerabilities. Search methods provided using vendor, title , version and CVE (Common Vulnerabilities and Exposures)
Each vulnerability mentioned there, has info, discussion , exploit, solution and references of each vulnerability.
Info : This consists of the Bugtraq ID , class, cve, remote, local , published, updated, credit and vulnerable environment details
Discussion: Brief discussion about the vulnerability is mentioned in this tab.
Exploit: Exploit session details and exploit environment will be mentioned in this tab.
Solution: This tab consists of solution found.
References: This consists the proof of the exploit details .
CERT
This is software engineering institute division where cyber security is at most priority. This provides the CERT insider vulnerability assessment tool which can be used by organization for assessment purposes of software. This group consists of security analysts and others to manage the research security vulnerabilities. Cert is connected with Carnegie Mellon University to enhance the diversity of research areas. This helps to patch the vulnerabilities effectively and researchers participate in patching as all diversified group focus on the security breach. Effective maintenance of the software can be done with varied groups of researchers focus on each vulnerability and fixing the issues as soon as possible.
CERT provides easiest way to assess the software with all the testing environment developed in the tool provided by cert.
CSIRT s : Computer Security Incident Response Teams
This teams are managed by the CERT . When organizations, governments face a vulnerability it has to be patched as soon as possible with best effective methods. CSIRTs team consists of the diverse research fields team for security analysis and handle the vulnerability at best effort.
This group is expert at incident management and defend against cyber attacks.