Hello,

To help clear up any confusion about the Discovery Dates associated
with the group of advisories that we are publishing today, I should
explain the situation.

We are publishing our advisories in groups after each group is approved
internally. With the exception of the Microsoft issues, none of the
vulnerabilities have been posted or discussed in public forums or lists.

The discovery date that we list in the advisories refers to the date on
which we discovered the advisory, rather than the date that we made the
information public. Since none of these vulnerabilities (except for the
Solaris CACHEFSD) have been actively exploited / seen in the wild, we have
been patient in working with and waiting for vendors to complete
vulnerability validation, and for patches to be developed and posted to
vendor sites.

We plan to publish more advisories in the near future, and hopefully in a
much more timely fashion.

Regards,
Ken Williams
eSecurityOnline Research and Development Team

Ken Williams ; CISSP ; Technical Lead ; ken.williamsey.com
eSecurityOnline - an eSecurity Venture of Ernst & Young
ken.williamsey.com ; www.esecurityonline.com ; 1-877-eSecurity

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]