Aggregator

目前比较知名的相关模型包括：构建安全成熟度模型（BSSIM）、软件保障成熟度模型（OWASP SAMM）、软件安全能力成熟度模型（中国信息安全测评中心 SSCMM）、CMMI+SAFE（卡内基梅隆大学开发，作为 CMMI-DEV 的扩展）、NIST CSF框架等。 在这些模型中，活跃度比较高的是BSSIM，一些在安全领域做得好的企业，常用于评估或改进软件安全能力的框架，企业可以自评确定当前的安全水平及规划提升路径（网上早已流传自评表）。亦可找第三方公司进行评估，证明软件安全的能力以帮助业务提升竞争力。 更多内容，可以访问： 1、SDL 100问 SDL100问：我与SDL的故事 SAST误报太高，如何解决？ SDL需要哪些人参与？ SDL是否适合互联网公司？ 如何计算安全评审的覆盖率？ 研发安全管理用哪些工具？ 线上系统变更，不安全提测怎么办？ ATT＆CK与SDL能否混搭使用？ SDL 59/100问：关于第三方组件安全扫描系统的运营，可以定哪些指标？ 2、SDL创新实践 首发！“ 研发安全运营 ” 架构研究与实践 DevSecOps实施关键：研发安全团队 DevSecOps实施关键：研发安全流程 DevSecOps实施关键：研发安全规范 从安全视角，看研发安全 数字化转型下的研发安全痛点 3、SDL最初实践 【SDL最初实践】开篇 【SDL最初实践】安全培训 【SDL最初实践】安全需求 【SDL最初实践】安全设计 【SDL最初实践】安全开发 【SDL最初实践】安全测试 【SDL最初实践】安全审核 【SDL最初实践】安全响应 4、软件供应链安全 软件供应商面临的攻防实战风险 软件供应商实战对抗十大安全举措 软件供应商攻防常规战之SDL 软件供应链投毒事件应急响应 浅谈企业级供应链投毒应急安全能力建设 5、安全运营实践 基于实践的安全事件简述 安全事件运营SOP：钓鱼邮件 安全事件运营SOP：网络攻击 安全事件运营SOP：蜜罐告警 安全事件运营SOP：webshell事件 安全事件运营SOP：接收漏洞事件 应急响应：redis挖矿（防御篇） 应急响应：redis挖矿（攻击篇） 应急响应：redis挖矿（完结篇） 应急能力提升：实战应急困境与突破 应急能力提升：挖矿权限维持攻击模拟 应急能力提升：内网横向移动攻击模拟 应急能力提升：实战应急响应经验

Understanding how multiple AI models speak to each other and deciding which framework to use requires careful evaluation of both the business benefits of advanced AI orchestration and the cybersecurity implications of connecting automated services.

A vulnerability, which was classified as problematic, has been found in Fortinet FortiOS 5.0.5. Affected by this issue is some unknown functionality of the file firewall/schedule/recurrdlg. The manipulation of the argument mkey leads to cross site scripting (Reflected). This vulnerability is handled as CVE-2013-7182. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in NVIDIA Graphics Drivers 307.00 and classified as critical. Affected by this issue is some unknown functionality of the component Display Driver Service. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2013-0109. Attacking locally is a requirement. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in IBM WebSphere Application Server up to 8.5.0.1. This affects an unknown part of the component RPC Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2013-0565. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in IBM Notes up to 9.0. This vulnerability affects unknown code of the component Password Manager. The manipulation leads to credentials management. This vulnerability was named CVE-2013-0534. It is possible to launch the attack on the local host. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic was found in Fortinet FortiWeb 5.0.3. Affected by this vulnerability is an unknown functionality of the file /user/ldap_user/add. The manipulation leads to cross site scripting (Reflected). This vulnerability is known as CVE-2013-7181. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in HP LaserJet Pro up to Firmware 20130703. It has been classified as critical. This affects an unknown part of the component Access Control Handler. The manipulation leads to improper privilege management. This vulnerability is uniquely identified as CVE-2013-4807. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Mozilla Firefox and Thunderbird 16.0.1/16.0.2. This issue affects some unknown processing of the component HZ-GB-2312 Charset Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2012-4207. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in IBM WebSphere Application Server 8.5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2012-4851. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Eliteladders Elite Gaming Ladders 3.5. It has been rated as critical. This issue affects some unknown processing of the file standings.php. The manipulation of the argument ladder[id] leads to sql injection. The identification of this vulnerability is CVE-2010-5014. The attack may be initiated remotely. Furthermore, there is an exploit available.

开源AI工具SWE-agent可自主修复GitHub漏洞，网络安全模式EnIGMA表现抢眼！

The tech giant is boosting Entra ID and MSA security as part of the wide-ranging Secure Future Initiative (SFI) that the company launched following a Chinese APT's breach of its Exchange Online environment in 2023.