In Information security vulnerability means any loop holes to the security by which attacker may exploit that defect on programming error and get the access to the computer or servers. After successfully exploit the attacker can violate the integrity of that system, access the confidential data and also he may modify it for the harm of reputation of any organization.
Vulnerability is also referring to the weakness in the computer system, weakness like any system without any type of security or any weak point from where attacker can exploit it, attackers always searching for the weakness and loopholes to exploit them and get access to the victim’s computer or server. Different types of weakness are technology weakness, configuration weakness and security policy weakness.
Some information security experts also searches for the vulnerability in any software and servers to protect the customers or clients who use it. After finding the vulnerabilities the information security expert disclose it openly then as these vulnerabilities become known, software publishers develop "patches", "fixes" or "updates" that you can download to fix the problems.
Open disclosure of vulnerability is good because if we do not disclose the vulnerability then it would be unsure that the security process is improved or not because after the disclosure of vulnerability the publisher of that software develops the patches for that vulnerability. Without open disclosure it is like we found the vulnerability and do not disclose it to any one and this turns into security through obscurity which is not good so open disclosure of vulnerability is good for the security. Due to this the vendor of the software is always trying to create more secure software because they are under the watchful eye of public.
There are many types of hackers like white hat hackers, black hat hackers and grey hat hackers so open or full disclosure of vulnerability gives typical positions to these hackers. If it is beneficiary for someone then it could also be harmful to someone. Some take advantage of full disclosure of vulnerability and some people have to remove it as soon as possible. So these types of typical positions arise while open or full disclosure of vulnerability in information security.
· White hat hackers
· Black hat hacker
· Grey hat hacker
Vulnerability is also referring to the weakness in the computer system, weakness like any system without any type of security or any weak point from where attacker can exploit it, attackers always searching for the weakness and loopholes to exploit them and get access to the victim’s computer or server. Different types of weakness are technology weakness, configuration weakness and security policy weakness.
Some information security experts also searches for the vulnerability in any software and servers to protect the customers or clients who use it. After finding the vulnerabilities the information security expert disclose it openly then as these vulnerabilities become known, software publishers develop "patches", "fixes" or "updates" that you can download to fix the problems.
Open disclosure of vulnerability is good because if we do not disclose the vulnerability then it would be unsure that the security process is improved or not because after the disclosure of vulnerability the publisher of that software develops the patches for that vulnerability. Without open disclosure it is like we found the vulnerability and do not disclose it to any one and this turns into security through obscurity which is not good so open disclosure of vulnerability is good for the security. Due to this the vendor of the software is always trying to create more secure software because they are under the watchful eye of public.
There are many types of hackers like white hat hackers, black hat hackers and grey hat hackers so open or full disclosure of vulnerability gives typical positions to these hackers. If it is beneficiary for someone then it could also be harmful to someone. Some take advantage of full disclosure of vulnerability and some people have to remove it as soon as possible. So these types of typical positions arise while open or full disclosure of vulnerability in information security.
Types of hackers:
There are three types of hacker -· White hat hackers
· Black hat hacker
· Grey hat hacker
White hat hacker:
He is the information security specialist who tests the security of computer by breaking the protected system and access the security. White hat hackers always try to improve the security by exposing the weakness or vulnerability before those unauthorized person who find the vulnerability and exploit it. White hat hackers have permission to perform hack and find the vulnerability against the organization.
Black hat hacker:
He is a person who searches for vulnerabilities or any type of security flaws and exploit them to harm or to perform other malicious activity. They are different from white hat hacker who perform hack to find the security flaws and vulnerabilities that black hat hacker may exploit. Black hat hackers can cause harm on both individual computer users and large organization by stealing financial information, by modifying the content of websites.
Grey hat hacker:
He is a person who knows the hacking techniques and performs the activity of hacking to show off their skills. He is differ from white hat because they perform the hacking activity without permission or illegally and he is also differ from black hat hacker because they do not perform the hacking activity for personal gain but they perform hack just for show off purpose. He is the mixture of black hat hacker and white hat hacker because some time he perform hack for good reason and some time he do it with malicious intension.
Typical position of hackers in full disclosure of software problem:
Position of white hat hacker:
The position of white hat hacker in full disclosure of software problem is the white hat hacker have to check the security and find the vulnerability and full disclose it, after disclosing it the software publisher have to develop the patch of that vulnerability and after developing the patch he have to distribute this patch as soon as possible otherwise the black hat hacker may exploit that vulnerability and get the unauthorized access. So the position of white hat hacker is to check the security and that vulnerability time to time and protect the customers and client of the organization from being hacked.
Position of black hat hacker:
The position of black hat hacker in full disclosure of software problem is the black hat hacker is always searches for the vulnerability to exploit it and after full disclosure of software problem he can get the details of the vulnerability on that particular software so it become easy for the black hat hacker to attack on the software because after getting the vulnerability the he may exploit it easily. But he can exploit that vulnerability prior to patches or new version of software being made available in market place because the software publisher have to fix that vulnerability as soon as possible to protect their client.
Position of grey hat hacker:
The position of grey hat hacker is very sensitive in full disclosure of software problems, the grey hat hacker can do anything like he can make the patch and fix the vulnerability and inform the software publisher that how to fix that problem or he may exploit the vulnerability. The grey hat hacker can perform the role of black hat hacker or white hat hacker because he is hybrid of both.Summary:
The open disclosure of vulnerability is good because the security process is improved through it and the developer always tries to develop secure software because they are under the watchful eye of public. The white, black and grey hat hackers have different typical position in full disclosure of software problem they can develop patch or exploit that vulnerability but if the new patch and newer version of software is available in market of the problem in the software then these hackers have to find the new vulnerability in that software.
No comments:
Post a Comment