Zero-day exploits, where worms or viruses are used to attack computers before their vulnerability is publicly announced, could be dramatically reduced if a tool created Immunity is adopted, said the company.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
As a vulnerability tester, Immunity said its rationale is to hunt down and publicise zero-day security flaws. At Defcon in Las Vegas it released its free debugger tool, which can help security professionals slash the time needed to expose any system's vulnerability, which can then be patched by suppliers or trusted security partners.
"It is the bugs themselves that are the problem, not the discovery and disclosure of those bugs," said Immunity chief executive, Dave Aitel.
However, not everyone thinks publicising security flaws is responsible. "There is a school of though that publishing the flaws in any IT system gives hackers a free tip-off," said Paul Docherty, technical director of UK security supplier Portcullis Security, a partner of Immunity.
"We think any information that is in the public domain is a good thing. Zero-day hackers do not share their information anyway. The quicker you expose the flaws, the quicker the suppliers can close them down."
Also, he said, vulnerabilities are not published until 30 days after the patch to conceal them has been circulated.
"We put everything together and developed something we feel very comfortable using," said Aitel. "It took us nearly a year to develop, but it means you can create a defence in no time."
All of Debugger's features, including its API, graphing engine and graphical API, are accessible from the Python scripting engine, Immunity announced.
Debugger includes a number of example scripts and users can write their own scripts. The software as well as monthly updates will be provided free of charge.
Comment on this article: firstname.lastname@example.org