When is an actual vulnerability no longer considered a vulnerability?

    Sept. 23, 2011
    In a stunning statement at the 2011 ACS Cyber Security Conference, Marty Edwards from DHS stated that in order for a design deficiency to be considered a vulnerability, it must be fixable by a patch. This means exploitable design deficiencies such as those found by Ralph Langner and Dillon Beresford are not considered vulnerabilities by DHS because they cannot be fixed by patches. It also implies theses exploitable design deficiencies do not have to be disclosed by ICS-CERT.  This is bizarre.  

    Joe Weiss
    In a stunning statement at the 2011 ACS Cyber Security Conference, Marty Edwards from DHS stated that in order for a design deficiency to be considered a vulnerability, it must be fixable by a patch. This means exploitable design deficiencies such as those found by Ralph Langner and Dillon Beresford are not considered vulnerabilities by DHS because they cannot be fixed by patches. It also implies theses exploitable design deficiencies do not have to be disclosed by ICS-CERT.  This is bizarre.  
    Joe Weiss

    Continue Reading

    Sponsored Recommendations

    The tiny EZminiWiFi is a godsend for the plant maintenance engineers who need to make a minor modification to the HMI program or, for that matter, the PLC program. It's very easy...
    Discover the benefits of American-made automation products, including stable pricing, faster delivery, and innovative features tailored to real-world applications. With superior...
    Over the past 50 years, the automation technology landscape has changed dramatically, but many of the underlying industry needs remain unchanged. To learn more about what’s changed...
    Watch EZAutomation's recent feature on the popular FOX Network series "Manufacturing Marvels" and discover what makes them a force to be reckoned with in industrial automation...

    Latest from Home

    April 2025 Control Talk cartoon
    20231225_123616

    Most Read

    Sponsored