Exploit Code At Security Focus Removed

by Derek Vadala

Related link: http://online.securityfocus.com/bid



Looks like the exploit code from the Security Focus (i.e. Bugtraq) vulnerability database has been removed. There used to be an _exploit_ tab between _discussion_ and _solution_ on the individual vulnerabilty pages. It provided exploit code, if available. This was extremely useful for doing vulnerability testing so it's too bad. Seems to me that this is just one less resource for white hats and one more advantage for the blacks hats. I wonder if the recent acquisition by Symantec had something to do with the change.


Alternative vulnerability databases and security sites? Or, do you think this was the right decision?


3 Comments

mentata
2003-01-11 02:34:40
making security a secret art
Symantec seems to want to keep knowledge about security to themselves for the benefit of, well, themselves. On another note, if you're considering buying a Symantec product, be sure to add any "Gold Support Contract" costs to your expected price (at about +25%), because they won't lift a finger to support their offerings unless you do.
anonymous2
2003-03-19 08:09:52
Exploit Code
So are there any sites around that have a db of expl. code?


For Pen testing this is relly useful.

Derek Vadala
2003-03-19 09:25:46
Exploit Code
I haven't found any that are nearly as good as security focus. Good news though: the tab (and code) has returned as of about a month ago.