The Security Eunoia

Blogging about Security Auditing, IdM & Access Mgmt, Web App Security etc

Entries Tagged ‘Disclosure’

Companies can learn from the Tylenol-Cyanide case

In 1982, Johnson & Johnson, the company that makes Tylenol, had to contend with a major financial and image problem when contaminated Tylenol capsules caused the deaths of 7 people. Investigators discovered that someone had filled Tylenol capsules with a solid cyanide compound and replaced the original Tylenol bottles with poisoned ones in some supermarkets and drug stores.
What did the company do and what lessons do we learn from it?


WordPress 2.6.3 Vulnerable to XSS in RSS FG

It’s been reported that WordPress, a popular blogging application, is vulnerable to cross-site scripting (XSS). The vulnerability, discovered in the RSS feed generator and complete with a PoC, affects all versions prior to and including version 2.6.3. A week after the vendor (WordPress) was notified, it released a new version (2.6.5).


Vulnerability disclosure - ISS X-Force owns TrendMicro

The vulnerability disclosure debate has been raging for as long as it has existed. While some support what is known as Full Disclosure, a practice of going public with full details of security vulnerabilities, what appears to be the industry norm these days is called Responsible Disclosure, where the details of the vulnerability are first disclosed to the vendor. So why does there appear to be a rift between TrendMicro and ISS X-Force?


Google quick with XSS vulnerability fix

Google acted quickly to fix a cross-site scripting vulnerability reported in the vulnerability archive xssed.com. It took just hours between the vulnerability showing up in the archive and being reported fixed. This comes after Google was heavily criticised for not acting quickly to fix other reported vulnerabilities in the past.
