Sunday, August 14, 2022

Review - Problems with Vulnerability Information Sharing – 8-14-22

For a couple of years now, I have been doing a weekly blog post (more frequently lately, a multi-part blog post) looking briefly at industrial control (and medical device) security vulnerability disclosures by vendors and researchers. Generally, I try to keep this separate from my highlighting vulnerabilities disclosures by CISA’s NCCIC-ICS, if for no other reason than to keep down the amount of time I spend on the post. Recently, however, I have been seeing an increasing problem with the information sharing that goes into keeping the NCCIC-ICS advisories up to date. Today the problem became egregious enough that I need to look at it in some detail to show the depth of the problem.

 

This discussion is better done on my CFSN Detailed Analysis site, but it is so important that I do not think that it belongs behind a paywall. So, I will publish this article there - https://patrickcoyle.substack.com/p/problems-with-vulnerability-information - with free public access.

No comments:

 
/* Use this with templates/template-twocol.html */