Security advisories are one of those terms that get thrown around a lot without much thought as to what they are and what role they actually serve in helping us to work more securely.
The most basic explanation is that these are the references and databases where issues concerning the security of software projects or products are posted, making them easily available to the public. This is an important service, as users of the software can turn to these security advisories for crucial details like newly discovered issues, fixes like patches or updates, as well as more in-depth explanations of the issues to help them make better decisions.
There is a wide variety of security advisories that span the software space from those serving users of the largest enterprise software products to those for more niche communities of small projects.
In hopes of better understanding the landscape of security advisories, we have selected three that you should probably be checking in with regularly to keep your software and organization secure. But first, here’s a short background on how a vulnerability makes its way to publication.
How Does a Vulnerability Reach the Security Advisory?
Before a vulnerability is published in a security advisory, it first needs to be discovered by a security researcher. This person might be a bug bounty hunter, in the case of commercial or proprietary software, or a member of an open source community. Corporate outfits like Google’s Project Zero turn up their fair share of high-quality vulnerabilities across the board, as do some others.
Once a vulnerability is discovered, good manners, custom, and security standards dictate that the owners of the project be approached with the information that they have some late nights in their near future. This team will then generally (Read more…)
*** This is a Security Bloggers Network syndicated blog from Blog – WhiteSource authored by Patricia Johnson. Read the original post at: https://resources.whitesourcesoftware.com/blog-whitesource/security-advisories