ZERO DAILY

Hacking, AppSec, and Bug Bounty newsletter

2017-11-17 | Recorded Future CNNVD report, GitHub security alerts, and Geekboy’s XSS fun

Friday, November 17

TOP STORY

  • Recorded Future published a follow up report on China’s National Vulnerability Database (CNNVD) speed of capturing up-to-date information for software vulnerabilities - it appears there is a formal evaluation process for determining operational use by Ministry of State Security (MSS) prior to publication.  

TWEET OF THE DAY

OTHER ARTICLES WE’RE READING

ABOUT ZERO DAILY

Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.

Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?

Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com

Get this email forwarded to you? Click here to subscribe to the Zero Daily

Recorded Future analysis has uncovered evidence of a formal vulnerability evaluation process at CNNVD in which High-threat CVEs are likely evaluated for their operational utility by the MSS before publication.

Recorded Future