Slashdot Mirror


Secunia Drops Public Listing of Vulnerabilities

New submitter CheckeredShirt writes: Vulnerability aggregator Secunia just announced in a forum post that they will no longer provide public access to advisories newer than 9 months. According to Secunia they, "frequently encounter organizations engaged in wrongful use of Secunia Advisories," and that VIM customers, "have full access to all advisories." While Secunia is under no obligation to provide their aggregated vulnerabilities, they've been doing it for over 10 years. The information they provide is primarily from public sources.

19 comments

  1. So What? Another Will Eat Their Lunch by BlueStrat · · Score: 4, Insightful

    Another bright individual or group will see the opportunity and absorb the users Secunia leaves behind, eventually rendering Secunia irrelevant.

    If Secunia is determined to cripple itself, that's their call. The rest of the internet will not follow them over that cliff.

    Strat

    --
    Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
    1. Re:So What? Another Will Eat Their Lunch by Anonymous Coward · · Score: 0

      Yep. Secunia just created an opportunity to make a bit of cash at their expense.

    2. Re:So What? Another Will Eat Their Lunch by Anonymous Coward · · Score: 1

      Someone else can take in the abusers and the freeloaders.

    3. Re:So What? Another Will Eat Their Lunch by Plumpaquatsch · · Score: 2

      Yep. Secunia just created an opportunity to make a bit of cash at their expense.

      You mean someone will collect the data from all over the internet, then sell the collection (and provide automated alarms by email or text message) - just like Secunia does? Or will they provide it for free, ad supported - and after a few weeks will close shop, because others copied their data, and did the same? So, not quite exactly what Secunia does?

      --
      Of course news about a fake are Fake News.
    4. Re:So What? Another Will Eat Their Lunch by Anonymous Coward · · Score: 0

      Just go to NIST https://web.nvd.nist.gov/view/vuln/search

    5. Re: So What? Another Will Eat Their Lunch by Anonymous Coward · · Score: 0

      Secunia has been a nice little cottage biz for over a decade. I'd posit that this has more to do with differentiating their paid offering than it does with limiting publication of vulnerabilities to make exploitation harder.

  2. Slashdot drama by antiperimetaparalogo · · Score: 4, Informative

    According to Secunia they, "frequently encounter organizations engaged in wrongful use of Secunia Advisories,"

    According to Secunia: "The decision was made to avoid abuse of the advisories for commercial use, and because we frequently encounter organizations engaged in wrongful use of Secunia Advisories." - include that part also from the forum post and avoid much of the "Slashdot drama"...

    --
    Antisthenes: "Wisdom begins by examining the words/names." - excuse my English, i am (slightly...) better with my Greek!
    1. Re:Slashdot drama by CODiNE · · Score: 1

      So the editor essentially lied to us by leaving that part out?

      --
      Cwm, fjord-bank glyphs vext quiz
    2. Re:Slashdot drama by antiperimetaparalogo · · Score: 1, Funny

      So the editor essentially lied to us by leaving that part out?

      Well, let's not make it so dramatic by using this "lie" word - as a Greek I think that they just used some of my famous ancestors' ways of making the narrative a bit more tragic by excluding some parts from the prologue... it makes theater more interesting, let's not complain so much and just enjoy this comedy my friend!

      --
      Antisthenes: "Wisdom begins by examining the words/names." - excuse my English, i am (slightly...) better with my Greek!
  3. Ha! by EmeraldBot · · Score: 5, Funny

    and that VIM customers, "have full access to all advisories."

    Ha! Take that, Emacs users! ;P

    --
    "Set a man a fire, he'll be warm for the rest of the night. Set a man afire, he'll be warm for the rest of his life."
    1. Re:Ha! by Martin Blank · · Score: 2

      Completely off-topic, but in reference to your sig:

      I prefer the phrasing, "Set a man a fire, and he'll be warm for the night. Set a man afire, and he'll be warm for the rest of his life." The wordplay is a little better that way.

      --
      You can never go home again... but I guess you can shop there.
    2. Re:Ha! by Plumpaquatsch · · Score: 1

      and that VIM customers, "have full access to all advisories."

      Ha! Take that, Emacs users! ;P

      You joke about the confusion - but one VIM (the editor) update from RedHat actually wiped the data from the self-hosted version of VIM (from Secunia).

      --
      Of course news about a fake are Fake News.
  4. FBI by fustakrakich · · Score: 1

    NSL

    --
    “He’s not deformed, he’s just drunk!”
  5. Commercial [Ab]use by Anonymous Coward · · Score: 0

    You know, it's always great to see a company like Secunia take a stand. They see, out there, their database is being abused by commercial interests like malware authors, and they realize that simply giving those malware authors public access undercuts Secunia's ability to get a cut of the action. So, bravo for them and their quest to be financially invested in being a part of the problem.

    1. Re:Commercial [Ab]use by Martin Blank · · Score: 1

      I stopped using Secunia as a primary source a long time ago due to some other issues I had with their actions (I don't clearly remember what it was, though). I've been using CVE-Details for a while now, in large part because they link to so many outside resources (including working exploit code in some cases) that it's just more useful overall. It doesn't catch everything (not every vuln gets a CVE number), but it gets enough and provides better summary data than most.

      --
      You can never go home again... but I guess you can shop there.
  6. Pot. Kettle. Black. by altonius · · Score: 2

    It's interesting that they've stopped the public from accessing their Vulnerability DB but they've been relying on taking information from other publicly available databases for years...

    1. Re: Pot. Kettle. Black. by Anonymous Coward · · Score: 0

      They want exclusive rights to publicly available information they gather.

      I'd very much like to see a community-run effort come to life. It's not really that expensive to run a similar service if there are enough volunteers in the project.

  7. Abuse for commercial reasons by simplypeachy · · Score: 1

    Maybe this'll mean Secunia will stop sending me UCE, which is an abuse of email, for their commercial reasons?

  8. Good riddance! by evilrip · · Score: 1

    Honestly, one less generically filled out vague template to waste time on. Also, aren't these the same people who feed the NSA? That's the true abuse.

    --
    "To err is human, to forgive, beyond the scope of the Operating System"