http://securityblog.verizonbusiness.com/2009/03/19/oh-what-a-pill/ Risk Intelligence from Verizon Business Security Solutions powered by Cybertrust Wed, 10 Mar 2010 21:13:06 +0000 http://wordpress.org/?v= hourly 1 http://securityblog.verizonbusiness.com/2009/03/19/oh-what-a-pill/comment-page-1/#comment-229 Dave Kennedy Sun, 22 Mar 2009 01:26:53 +0000 http://securityblog.verizonbusiness.com/?p=173#comment-229 As with "bluepill" before it, discoveries of vulnerabilities or even creation of proof of concept code does not equate to risk for enterprises and users. Unless and until criminals begin using these issues for successful attacks, these vulnerabilites should continue to be filed with all the tens of thousands of others that have never been used. If the are not, have not and will not be used, there's no reason to spend time or money defending them. As with “bluepill” before it, discoveries of vulnerabilities or even creation of proof of concept code does not equate to risk for enterprises and users. Unless and until criminals begin using these issues for successful attacks, these vulnerabilites should continue to be filed with all the tens of thousands of others that have never been used. If the are not, have not and will not be used, there’s no reason to spend time or money defending them.

]]>