McAfee announced its reemergence in the field of vulnerability discovery and disclosure as a way to raise public awareness of potential points of attack. Using McAfee Avert Labs’ security research expertise, and the guidelines set forth by the Organization for Internet Safety (OIS), McAfee will work with affected vendors as soon as it discovers a vulnerability so they can begin working on solutions. McAfee will also use its findings to help provide preemptive protection to its customers before targeted exploits can become serious problems.
The changing vulnerability and threat landscape points to increasingly sophisticated and financially motivated zero-day attacks that threaten Internet browsers and other end-user applications, databases and data storage. McAfee, which previously discovered and publicly disclosed vulnerabilities through McAfee Avert Labs, will utilize its vulnerability research expertise along with Foundstone’s tremendous history in the area of vulnerability discovery to raise awareness and reduce the number of unpatched vulnerabilities.
“Last month alone, McAfee publicly disclosed 24 vulnerabilities, one relating to Microsoft and 23 built into nine patches on the Apple operating system,” said Stuart McClure, senior vice president, global research and threats at McAfee. “While this number may sound significant, it doesn’t touch the number of vulnerabilities that are never discovered or properly disclosed. Our goal is to help the public address new, fast-moving threats that cannot be dealt with adequately by patching and other traditional reactive means. With our research capabilities, we can proactively work with affected vendors to generate solutions before targeted threats become realized attacks.”
As a founding member of the OIS, McAfee is committed to the responsible disclosure of vulnerabilities, as outlined in OIS guidelines. Once McAfee discovers a security flaw, or vulnerability, it will notify the affected vendor so they can immediately begin working on a solution, most often in the form of a patch.