Hmm... this is interesting.
I fail to see how Trend Micro OfficeScan can be included in here though. It can be updated via a "free update interface" like "SMS/WSUS". So then how does it fall into this category? Point 5 outlines that the application must rely on the end user to update the application. Surely Norton as well can be updated via WSUS and SMS? So can Acrobat.
And for the Java SDK, it's an SDK, obviously it's going to have vulnerabilites, it's a development tool. But I assume they are only refering to the compiled runtime environment?
Rusty raises a good point, surely it's better to patch than to have never patch before.
Firefox - this years most vulnerable app
-
- Moderator Emeritus
- Posts: 6098
- Joined: 27 Feb 2004, 02:00
- Location: Durban
- Contact:
Re: Firefox - this years most vulnerable app
Qualifications: BSc Computer Science & Information Technology, BCom Information Systems Honours, ISACA CISA, ISACA CRISC
Experience: Web Design, IT Auditing, IT Governance, Computer Retail, IT Consulting
Interests: Technology, Nutrition, Toasters, BBM, Facebook, Colourful Diagrams
Experience: Web Design, IT Auditing, IT Governance, Computer Retail, IT Consulting
Interests: Technology, Nutrition, Toasters, BBM, Facebook, Colourful Diagrams