Month of Bugs
Encyclopedia
Month of Bugs is an increasingly popular strategy used by security researchers to draw attention to the lax security procedures of commercial software corporations. The tenet is these corporations have shown themselves to be unresponsive and uncooperative to security alerts and that "responsible disclosure
" isn't working properly where they're concerned. To that effect, researchers start a Month of Bugs project for a certain software product and disclose one security vulnerability each day for one month.
The original "Month of Bugs" was the Month of Browser Bugs (MoBB) run by security researcher HD Moore
. Subsequent projects include the Month of Kernel Bugs (MoKB) which published kernel bugs for Mac OS X
, Linux
, FreeBSD
, Solaris and Windows
, as well as four wireless
driver
bugs; the Month of Apple Bugs (MoAB) conducted by researchers Kevin Finisterre and LMH which published bugs related to OS X; and the Month of PHP Bugs sponsored by the Hardened PHP team which published 44 PHP bugs.
Responsible disclosure
Responsible disclosure is a computer security term describing a vulnerability disclosure model. It is like full disclosure, with the addition that all stakeholders agree to allow a period of time for the vulnerability to be patched before publishing the details. Developers of hardware and software...
" isn't working properly where they're concerned. To that effect, researchers start a Month of Bugs project for a certain software product and disclose one security vulnerability each day for one month.
The original "Month of Bugs" was the Month of Browser Bugs (MoBB) run by security researcher HD Moore
HD Moore
HD Moore is the creator of Metasploit, a popular penetration testing software. HD founded the Metasploit Project in the summer of 2003 with the goal of becoming a public resource for exploit code research and development...
. Subsequent projects include the Month of Kernel Bugs (MoKB) which published kernel bugs for Mac OS X
Mac OS X
Mac OS X is a series of Unix-based operating systems and graphical user interfaces developed, marketed, and sold by Apple Inc. Since 2002, has been included with all new Macintosh computer systems...
, Linux
Linux
Linux is a Unix-like computer operating system assembled under the model of free and open source software development and distribution. The defining component of any Linux system is the Linux kernel, an operating system kernel first released October 5, 1991 by Linus Torvalds...
, FreeBSD
FreeBSD
FreeBSD is a free Unix-like operating system descended from AT&T UNIX via BSD UNIX. Although for legal reasons FreeBSD cannot be called “UNIX”, as the direct descendant of BSD UNIX , FreeBSD’s internals and system APIs are UNIX-compliant...
, Solaris and Windows
Microsoft Windows
Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...
, as well as four wireless
Wireless
Wireless telecommunications is the transfer of information between two or more points that are not physically connected. Distances can be short, such as a few meters for television remote control, or as far as thousands or even millions of kilometers for deep-space radio communications...
driver
Device driver
In computing, a device driver or software driver is a computer program allowing higher-level computer programs to interact with a hardware device....
bugs; the Month of Apple Bugs (MoAB) conducted by researchers Kevin Finisterre and LMH which published bugs related to OS X; and the Month of PHP Bugs sponsored by the Hardened PHP team which published 44 PHP bugs.
See also
- Fuzz testingFuzz testingFuzz testing or fuzzing is a software testing technique, often automated or semi-automated, that involves providing invalid, unexpected, or random data to the inputs of a computer program. The program is then monitored for exceptions such as crashes or failing built-in code assertions...
- HD MooreHD MooreHD Moore is the creator of Metasploit, a popular penetration testing software. HD founded the Metasploit Project in the summer of 2003 with the goal of becoming a public resource for exploit code research and development...
- Metasploit ProjectMetasploit ProjectThe Metasploit Project is an open-source computer security project which provides information about security vulnerabilities and aids in penetration testing and IDS signature development....
- Vulnerability disclosure
External links
- Month of Kernel Bugs (MoKB) archive
- Kernel Fun: Month of the Kernel Bugs blog
- Month of Apple Bugs (MoAB) archive
- Apple Fun: Month of the Apple Buggs blog
- Info-pull.com blog: A complementary blog from the hosts of MoKB and MoAB
- the Month of PHP Security