Economics of Vulnerability Disclosure
Vulnerability disclosure refers to the process of identifying, reporting and patching weaknesses of software, hardware or services that can be exploited. The different actors within a vulnerability disclosure process are subject to a range of…
State of Vulnerabilities 2018/2019 - Analysis of Events in the life of Vulnerabilities
The purpose of this report is to provide an insight on both the opportunities and limitations the vulnerability ecosystem offers. By using the vulnerabilities published during the year of 2018 and Q1-Q2 of 2019 as a vehicle, this report goes beyond…
Developing National Vulnerabilities Programmes
Based on the experiences and perspectives gathered from industry players and national governments, as well as on the documentation developed by multiple actors involved with national vulnerability initiatives and programmes, the EU Coordinated…
Good Practice Guide on Vulnerability Disclosure. From challenges to recommendations
Vulnerabilities are ‘flaws’ or ‘mistakes’ in computer-based systems that may be exploited to compromise the network and information security of affected systems. They provide a point-of-entry or gateway to exploit a system and as such pose…
Situational Report on Microsoft Exchange Vulnerabilities
This ENISA situation report provides an assessment as well as advice and mitigation measures for the MS Exchange vulnerabilities. The threat for the new updates has been assessed as severe and ENISA considers attacks probable and of high risk. The…
Coordinated Vulnerability Disclosure Policies in the EU
This report analyses information and presents an overview of coordinated vulnerability disclosure (CVD) policies at the national level within the EU. Aside from offering a comprehensive overview of the EU CVD state of play, it also provides high-…
ENISA Threat Landscape for 5G Networks Report
This report is an update of the ENISA 5G Threat Landscape, published in its first edition in 2019. This document is a major update of the previous edition. It encompasses all novelties introduced, it captures developments in the 5G architecture and…
Window of exposure… a real problem for SCADA systems?
Much of Europe’s critical infrastructure which resides in sectors such as energy, transportation,water supply is largely managed and controlled by SCADA (Supervisory Control and Data Acquisition) systems, a subgroup of Industrial Control Systems…
Flash Note: The BASH Shellshock Bug
Last week a serious, remotely exploitable vulnerability was discovered in the widely deployed Bourne Again Shell (BASH). The technical background is analysed by ENISA in a new flash note.
Pagination