Study your flashcards anywhere!

Download the official Cram app for free >

  • Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off

How to study your flashcards.

Right/Left arrow keys: Navigate between flashcards.right arrow keyleft arrow key

Up/Down arrow keys: Flip the card between the front and back.down keyup key

H key: Show hint (3rd side).h key

A key: Read text to speech.a key


Play button


Play button




Click to flip

8 Cards in this Set

  • Front
  • Back
John is a security expert who is stress testing a new server in his lab. He notices a security flaw one day and to ensure that his assumptions are correct, he exploits it. Which of the following terms would John be characterized as?
White hat
Advocates of full disclosure argue all of the following except which?
Full disclosure promotes the existence of script kiddies.
According to CERT"s full disclosure policy, when will software vulnerability be released to the public after it i sfirst reported and assuming all stipulations are met by the vendor?
45 days
The RFP Full Disclosure Policy enforces stricter actions on the software vendors than the other vulnerability disclosure models. What does RFP stand for?
RainForest Puppy
A consortium participates in the software vulnerability arena by working to achieve two primary goals:Reduce the risk of software vulnerability by providing an improved method of identification, investigation, and resolution.
2) Improve the overall engineering quality of software by tightening the scrutiny placed upon the end product. What is this consortium?
According to the OIS disclosure policy, what should the vulnerability finder complete and send to the vendor once a flaw has been identified and verified?
Which disclosure policy states that a vendor has five days to respond to a vulnerability report or the finder can take the information public?
Full Disclosure RFP
Which of the following is a global security organization that employs bug finders to look for vulnerabilities within commonly used systems and application?