Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
8 Cards in this Set
- Front
- Back
|
John is a security expert who is stress testing a new server in his lab. He notices a security flaw one day and to ensure that his assumptions are correct, he exploits it. Which of the following terms would John be characterized as?
|
White hat
|
|
|
Advocates of full disclosure argue all of the following except which?
|
Full disclosure promotes the existence of script kiddies.
|
|
|
According to CERT"s full disclosure policy, when will software vulnerability be released to the public after it i sfirst reported and assuming all stipulations are met by the vendor?
|
45 days
|
|
|
The RFP Full Disclosure Policy enforces stricter actions on the software vendors than the other vulnerability disclosure models. What does RFP stand for?
|
RainForest Puppy
|
|
|
A consortium participates in the software vulnerability arena by working to achieve two primary goals:Reduce the risk of software vulnerability by providing an improved method of identification, investigation, and resolution.
2) Improve the overall engineering quality of software by tightening the scrutiny placed upon the end product. What is this consortium? |
OIS
|
|
|
According to the OIS disclosure policy, what should the vulnerability finder complete and send to the vendor once a flaw has been identified and verified?
|
VSR
|
|
|
Which disclosure policy states that a vendor has five days to respond to a vulnerability report or the finder can take the information public?
|
Full Disclosure RFP
|
|
|
Which of the following is a global security organization that employs bug finders to look for vulnerabilities within commonly used systems and application?
|
iDefense
|
