By Ina Ragragio
Yesterday, Microsoft released a number of patches to fix critical vulnerabilities, including one discovered by Secunia Research (http://secunia.com/advisories/23769/). This is the third Microsoft Bulletin release for the year that featured a vulnerability discovered by one from our very own research team.
Skill and dedication
The Secunia Research Team doesn't just analyse and test vulnerability reports made by third party researchers. They also conduct research on their own, which is why they're able to identify a rather large quantity of vulnerabilities through in-house research.
Last year alone, Secunia Research issued 76 Secunia Research advisories about the vulnerabilities found in-house. In 2007, Secunia has so far found 4 vulnerabilities in Microsoft products, 2 in Symantec products, 1 in CA products, 1 in Apple products, and many many more in products from other vendors. We're not even halfway through the year, and yet Secunia already has 52 Secunia Research advisories in the pipeline.
Barking isn't enough
Being the watchdog barking loud when vendors make buggy code that can be exploited by the bad guys isn't enough for Secunia and the Secunia Research Team.
For Secunia it is equally important that our team of researchers possesses the skills necessary to conduct ground breaking research into new vulnerabilities using all (legal) tricks and tools of the trade, whether it is reversing code, black box testing, fuzzing, or source code auditing.
Supplier to the AV and IDS industry
Having such a strong team of Security Specialists is also what makes it possible for Secunia to deliver extensive binary analysis reports of the most important vulnerabilities in both client applications and network services. This is further accompanied by in-house development of Proof-of-Concept and fully working exploit code to important industrial players in the anti-virus and IDS industry.
These highly detailed reports also cover silent fixes and information about vulnerabilities not properly patched. This information is used by market leading anti-virus and IDS vendors to deliver high quality signatures to detect exploitation of vulnerabilities rather than only detecting known exploits like so many others.
The Secunia Research Team will continue to provide you with the most reliable, unbiased vulnerable intelligence by monitoring, testing, and verifying reported vulnerabilities in all kinds of software, from the smallest web applications to the largest and most complicated operating systems and office suites. This is the Secunia commitment to our readers and customers.
The right information at the right time!