Month of bugs

Last updated July 06, 2024

A month of bugs is a strategy used by security researchers to draw attention to the lax security procedures of commercial software corporations.

Examples

The original "Month of Bugs" was the Month of Browser Bugs (MoBB) run by security researcher H. D. Moore.^[1]

Subsequent similar projects include:

The Month of Kernel Bugs (MoKB) which published kernel bugs for Mac OS X (now macOS), Linux, FreeBSD, Solaris and Windows, as well as four wireless driver bugs.^[2]^[3]^[4]
The Month of Apple Bugs (MoAB) conducted by researchers Kevin Finisterre and LMH which published bugs related to Mac OS X.^[5]^[6]^[7]
The Month of PHP Bugs sponsored by the Hardened PHP team which published 44 PHP bugs.^[8]^[9]^[10]

Related Research Articles

Microsoft Windows is a product line of proprietary graphical operating systems developed and marketed by Microsoft. It is grouped into families and sub-families that cater to particular sectors of the computing industry – Windows (unqualified) for a consumer or corporate workstation, Windows Server for a server and Windows IoT for an embedded system. Defunct families include Windows 9x, Windows Mobile, Windows Phone, and Windows Embedded Compact.

Adobe Acrobat is a family of application software and Web services developed by Adobe Inc. to view, create, manipulate, print and manage Portable Document Format (PDF) files.

Windows 7 is a major release of the Windows NT operating system developed by Microsoft. It was released to manufacturing on July 22, 2009, and became generally available on October 22, 2009. It is the successor to Windows Vista, released nearly three years earlier. Windows 7's server counterpart, Windows Server 2008 R2, was released at the same time. Windows 7 remained an operating system for use on personal computers, including home and business desktops, laptops, tablet PCs and media center PCs, and itself was replaced in November 2012 by Windows 8, the name spanning more than three years of the product.

ZDNET is a business technology news website owned and operated by Red Ventures. The brand was founded on April 1, 1991, as a general interest technology portal from Ziff Davis and evolved into an enterprise IT–focused online publication.

HFS Plus or HFS+ is a journaling file system developed by Apple Inc. It replaced the Hierarchical File System (HFS) as the primary file system of Apple computers with the 1998 release of Mac OS 8.1. HFS+ continued as the primary Mac OS X file system until it was itself replaced with the Apple File System (APFS), released with macOS High Sierra in 2017. HFS+ is also one of the formats supported by the iPod digital music player.

Linux adoption is the adoption of Linux computer operating systems (OS) by households, nonprofit organizations, businesses, and governments.

Faronics Corporation is a privately held software company with offices in Vancouver, British Columbia, Canada, Pleasanton, California, United States, Singapore and Bracknell, UK. Faronics develops computer software for multi-user IT environments.

Joanna Rutkowska is a Polish computer security researcher, primarily known for her research on low-level security and stealth malware, and as founder of the Qubes OS security-focused desktop operating system.

Blue Pill is the codename for a rootkit based on x86 virtualization. Blue Pill originally required AMD-V (Pacifica) virtualization support, but was later ported to support Intel VT-x (Vanderpool) as well. It was designed by Joanna Rutkowska and originally demonstrated at the Black Hat Briefings on August 3, 2006, with a reference implementation for the Microsoft Windows Vista kernel.

Android is a mobile operating system based on a modified version of the Linux kernel and other open-source software, designed primarily for touchscreen mobile devices such as smartphones and tablets. Android is developed by a consortium of developers known as the Open Handset Alliance, though its most widely used version is primarily developed by Google. It was unveiled in November 2007, with the first commercial Android device, the HTC Dream, being launched in September 2008.

A mobile operating system is an operating system used for smartphones, tablets, smartwatches, smartglasses, or other non-laptop personal mobile computing devices. While computers such as typical/mobile laptops are "mobile", the operating systems used on them are generally not considered mobile, as they were originally designed for desktop computers that historically did not have or need specific mobile features. This line distinguishing mobile and other forms has become blurred in recent years, due to the fact that newer devices have become smaller and more mobile unlike hardware of the past. Key notabilities blurring this line are the introduction of tablet computers, light laptops, and the hybridization of the two in 2-in-1 PCs.

Symantec Endpoint Protection, developed by Broadcom Inc., is a security software suite that consists of anti-malware, intrusion prevention and firewall features for server and desktop computers.

iOS is a mobile operating system developed by Apple exclusively for its smartphones. It was unveiled in January 2007 for the first-generation iPhone, launched in June 2007.

<span class="mw-page-title-main">Windows Phone</span> Family of mobile operating systems developed by Microsoft

Windows Phone (WP) is a discontinued mobile operating system developed by Microsoft for smartphones as the replacement successor to Windows Mobile and Zune. Windows Phone featured a new user interface derived from the Metro design language. Unlike Windows Mobile, it was primarily aimed at the consumer market rather than the enterprise market.

iOS jailbreaking is the use of a privilege escalation exploit to remove software restrictions imposed by Apple on devices running iOS and iOS-based operating systems. It is typically done through a series of kernel patches. A jailbroken device typically permits root access within the operating system and provides the right to install software unavailable through the App Store. Different devices and versions are exploited with a variety of tools. Apple views jailbreaking as a violation of the end-user license agreement and strongly cautions device owners not to try to achieve root access through the exploitation of vulnerabilities.

Pwn2Own is a computer hacking contest held annually at the CanSecWest security conference. First held in April 2007 in Vancouver, the contest is now held twice a year, most recently in March 2024. Contestants are challenged to exploit widely used software and mobile devices with previously unknown vulnerabilities. Winners of the contest receive the device that they exploited and a cash prize. The Pwn2Own contest serves to demonstrate the vulnerability of devices and software in widespread use while also providing a checkpoint on the progress made in security since the previous year.

Chromebook is a line of laptop and tablet computers that some consider electronic waste. Chromebooks run the proprietary operating system ChromeOS, developed by Google.

Windows 10 is a major release of Microsoft's Windows NT operating system. It is the direct successor to Windows 8.1, which was released nearly two years earlier. It was released to manufacturing on July 15, 2015, and later to retail on July 29, 2015. Windows 10 was made available for download via MSDN and TechNet, as a free upgrade for retail copies of Windows 8 and Windows 8.1 users via the Microsoft Store, and to Windows 7 users via Windows Update. Windows 10 receives new builds on an ongoing basis, which are available at no additional cost to users, in addition to additional test builds of Windows 10, which are available to Windows Insiders. Devices in enterprise environments can receive these updates at a slower pace, or use long-term support milestones that only receive critical updates, such as security patches, over their ten-year lifespan of extended support. In June 2021, Microsoft announced that support for Windows 10 editions which are not in the Long-Term Servicing Channel (LTSC) will end on October 14, 2025.

Zephyr is a small real-time operating system (RTOS) for connected, resource-constrained and embedded devices supporting multiple architectures and released under the Apache License 2.0. Zephyr includes a kernel, and all components and libraries, device drivers, protocol stacks, file systems, and firmware updates, needed to develop full application software.

References

↑ Kerner, Sean Michael (5 July 2006). "The Month of The Browser Bugs Begins". InternetNews.com. QuinStreet Inc. Retrieved 22 October 2010.
↑ Mogull, Rich (6 November 2006). "Learn from 'Month of Kernel Bugs'". Gartner archive. Gartner Inc. Archived from the original on 23 September 2012. Retrieved 22 October 2010.
↑ Naraine, Ryan (1 November 2006). "Month of Kernel Bugs Launches with Apple Wi-Fi Exploit". eWeek . Ziff Davis Enterprise Holdings Inc. Retrieved 22 October 2010.
↑ Evers, Joris (2 November 2006). "Apple wireless flaw revealed". ZDNet . CBS Interactive . Retrieved 22 October 2010.
↑ McMillan, Robert (20 December 2006). "Apple Bug-Hunt Begins". PC World . PCWorld Communications, Inc. Retrieved 22 October 2010.
↑ Leyden, John (20 December 2006). "Month of Apple bugs planned for January". The Register . The Register. Retrieved 22 October 2010.
↑ Naraine, Ryan (19 December 2006). "Coming in January: Month of Apple Bugs". eWeek Security Watch. Ziff Davis Enterprise Holdings Inc. Retrieved 22 October 2010.
↑ Prince, Brian (3 March 2007). "Month of PHP Bugs Begins". eWeek . Ziff Davis Enterprise Holdings Inc. Retrieved 22 October 2010.
↑ Naraine, Ryan (1 March 2007). "Flaw trifecta kicks off Month of PHP bugs". ZDNet . CBS Interactive. Archived from the original on 12 August 2010. Retrieved 22 October 2007.
↑ Naraine, Ryan (4 May 2007). "Controversial 'month of bugs' getting security results". ZDNet . CBS Interactive . Retrieved 22 October 2010.

External links

Month of Kernel Bugs (MoKB) archive
Kernel Fun: Month of the Kernel Bugs blog
Month of Apple Bugs (MoAB) archive
Apple Fun: Month of the Apple Buggs blog
Info-pull.com blog: A complementary blog from the hosts of MoKB and MoAB
The Month of PHP Security

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[MoBB-internetnews.com-1] Kerner, Sean Michael (5 July 2006). "The Month of The Browser Bugs Begins". InternetNews.com. QuinStreet Inc. Retrieved 22 October 2010.

[MoKB-gartner-2] Mogull, Rich (6 November 2006). "Learn from 'Month of Kernel Bugs'". Gartner archive. Gartner Inc. Archived from the original on 23 September 2012. Retrieved 22 October 2010.

[MoKB-eweek-3] Naraine, Ryan (1 November 2006). "Month of Kernel Bugs Launches with Apple Wi-Fi Exploit". eWeek . Ziff Davis Enterprise Holdings Inc. Retrieved 22 October 2010.

[MoKB-zdnet-4] Evers, Joris (2 November 2006). "Apple wireless flaw revealed". ZDNet . CBS Interactive . Retrieved 22 October 2010.

[MoAB-PCWorld-5] McMillan, Robert (20 December 2006). "Apple Bug-Hunt Begins". PC World . PCWorld Communications, Inc. Retrieved 22 October 2010.

[MoAB-theregister-6] Leyden, John (20 December 2006). "Month of Apple bugs planned for January". The Register . The Register. Retrieved 22 October 2010.

[MoAB-eweek-7] Naraine, Ryan (19 December 2006). "Coming in January: Month of Apple Bugs". eWeek Security Watch. Ziff Davis Enterprise Holdings Inc. Retrieved 22 October 2010.

[MoPHPB-eweek-8] Prince, Brian (3 March 2007). "Month of PHP Bugs Begins". eWeek . Ziff Davis Enterprise Holdings Inc. Retrieved 22 October 2010.

[MoPHPB-zdnet-9] Naraine, Ryan (1 March 2007). "Flaw trifecta kicks off Month of PHP bugs". ZDNet . CBS Interactive. Archived from the original on 12 August 2010. Retrieved 22 October 2007.

[MoPHPB-zdnet-result-10] Naraine, Ryan (4 May 2007). "Controversial 'month of bugs' getting security results". ZDNet . CBS Interactive . Retrieved 22 October 2010.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

Month of bugs

Contents

Examples

See also

Related Research Articles

References

Further reading

External links