When is an actual vulnerability no longer considered a vulnerability?

Sept. 23, 2011
In a stunning statement at the 2011 ACS Cyber Security Conference, Marty Edwards from DHS stated that in order for a design deficiency to be considered a vulnerability, it must be fixable by a patch. This means exploitable design deficiencies such as those found by Ralph Langner and Dillon Beresford are not considered vulnerabilities by DHS because they cannot be fixed by patches. It also implies theses exploitable design deficiencies do not have to be disclosed by ICS-CERT.  This is bizarre.  

Joe Weiss
In a stunning statement at the 2011 ACS Cyber Security Conference, Marty Edwards from DHS stated that in order for a design deficiency to be considered a vulnerability, it must be fixable by a patch. This means exploitable design deficiencies such as those found by Ralph Langner and Dillon Beresford are not considered vulnerabilities by DHS because they cannot be fixed by patches. It also implies theses exploitable design deficiencies do not have to be disclosed by ICS-CERT.  This is bizarre.  
Joe Weiss

Sponsored Recommendations

Measurement instrumentation for improving hydrogen storage and transport

Hydrogen provides a decarbonization opportunity. Learn more about maximizing the potential of hydrogen.

Get Hands-On Training in Emerson's Interactive Plant Environment

Enhance the training experience and increase retention by training hands-on in Emerson's Interactive Plant Environment. Build skills here so you have them where and when it matters...

Learn About: Micro Motion™ 4700 Config I/O Coriolis Transmitter

An Advanced Transmitter that Expands Connectivity

Learn about: Micro Motion G-Series Coriolis Flow and Density Meters

The Micro Motion G-Series is designed to help you access the benefits of Coriolis technology even when available space is limited.