Index:
0. About World Laboratory of Bugtraq
1. Identification of safety notes
2. Adding entries
3. Description specification of the note details
4. WLB History and contact
0. About World Laboratory of Bugtraq (WLB)
World Laboratory of Bugtraq (WLB) is a huge collection of information on data communications safety. Its main objective is to inform about errors in various applications.
WLB also accepts information on configuration errors and other entries describing similarly dangerous operations. One of the basic foundations of "World Laboratory of Bugtraq" is interaction with SecurityReason users. Each safety note can be modified by users and is then verified by the SecurityReason team. WLB differs from the existing SecurityAlert base in its more liberal approach. The existing product (SecurityAlert) is a list of authentic errors, verified and labelled with their own CVE number. In WLB this is not required, as it is also possible to publish false vulnerabilities (Dispute mark) in order to refute the existence of that vulnerability.
1. Identification of safety notes
Every entry in the WLB base is assigned an individual number according to the following pattern:
WLB-YYYYMMNNNN
where:
YYYY - the year in which the given data were entered into the base
MM - likewise, the month
NNNN - the number which identifies a given entry in the base
An example WLB number is WLB-2000110108,
which shows that the entry was added to the base in November 2000. The last digits denote the ID number of the given vulnerability in the given year and month.
To refer to a WLB number, use the following syntax:
http://securityreason.com/wlb_show/[the number WLB]
or use the search engine found at
http://securityreason.com/search/
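The numbering scheme and reference URL above, as an added example (not SecurityReason's own code): a Python parser that validates WLB numbers, rejects impossible months, and extracts them from free text such as advisories or ticket notes. The names `WlbId`, `parse_wlb_id` and `extract_wlb_ids` and the sample text are assumptions made for illustration.

```python
import re
from typing import List, NamedTuple, Optional

# WLB-YYYYMMNNNN as specified above: 4-digit year, 2-digit month, 4-digit entry number.
# The lookarounds stop a match from starting or ending inside a longer token.
_WLB_RE = re.compile(r"(?<![A-Za-z0-9])WLB-(\d{4})(\d{2})(\d{4})(?!\d)")


class WlbId(NamedTuple):
    year: int
    month: int
    entry: int

    def __str__(self) -> str:
        return f"WLB-{self.year:04d}{self.month:02d}{self.entry:04d}"

    def url(self) -> str:
        # Reference syntax given on the page.
        return f"http://securityreason.com/wlb_show/{self}"


def _from_match(m: "re.Match") -> Optional[WlbId]:
    year, month, entry = (int(g) for g in m.groups())
    # The pattern alone accepts months 00 and 13-99; reject them here.
    return WlbId(year, month, entry) if 1 <= month <= 12 else None


def parse_wlb_id(value: str) -> Optional[WlbId]:
    """Parse a string that should be exactly one WLB number."""
    m = _WLB_RE.fullmatch(value.strip())
    return _from_match(m) if m else None


def extract_wlb_ids(text: str) -> List[WlbId]:
    """Return the valid WLB numbers found in free text, de-duplicated, in order."""
    seen, found = set(), []
    for m in _WLB_RE.finditer(text):
        wlb = _from_match(m)
        if wlb is not None and wlb not in seen:
            seen.add(wlb)
            found.append(wlb)
    return found


# Constructed sample text; only WLB-2000110108 comes from the page.
SAMPLE = (
    "Ref WLB-2000110108, also http://securityreason.com/wlb_show/WLB-2008030042 "
    "(dup: WLB-2000110108). Bad month: WLB-2008130001. Too long: WLB-20081100011."
)
```

Calling `extract_wlb_ids(SAMPLE)` returns the two well-formed numbers and skips the duplicate, the month-13 value and the over-long digit run.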
2. Adding entries
The WLB list has no limitations concerning information on data communications safety. After logging in to the UCP (User Control Panel), everyone is allowed to send a proposal of a note to the list. Safety notes can be added automatically by moderators.
3. Description specification of the note details
Topic - defines the topic of a vulnerability, containing general information about the software and the kind of error.
SecurityAlert - defines the ID number along with its link reference to the SA (SecurityAlert) base.
Date - defines the year, the month, the day. The aim of this value is to inform the user when a given entry was officially made accessible. The Updated field is analogous, with the small difference that it refers to the last accepted change in a given note.
Added by - defines the person who is the author of the given vulnerability as presented and described in the WLB safety note.
SecurityRisk - a variable defining the total threat which can result from a given item of information. The criteria for assigning one of the three levels are the possibility of using that information and the number of machines with the defective code. The threat classification uses the three levels presented and described in About SecurityAlert.
Remote and Local - define how the vulnerability can be used, as each machine can be attacked from the outside or from the inside. These are quite important parameters since they tell us about the tactical use of the given information.
Status - defines the type of the given information. The classification uses three levels:
Bug - this informs that a note refers to a vulnerability present in a given application. Each item of information with this status states that a given vulnerability has taken place or is taking place at present.
Bogus (negation of an error) - each item of information with this status serves to negate false information. The use of this status is permitted in the case of a mistake or in order to counter the spread of unnecessary panic.
Trick - information with this status demonstrates a lack of cohesion among programmers, the possibility of an attack because of a bad configuration, a new way of bypassing protections, or (unnecessary) philosophical disputes on the theory of machine safety.
History - defines which changes were made to a given note, by whom and when. The dates define the time when that happened.
References - a field containing references to further information on a given vulnerability. One is permitted to enter references leading to the authors' web sites.
4. WLB History and contact
The World Laboratory of Bugtraq project is an alternative to other sources of information on errors, with the emphasis on a liberal approach to entering notes. Its aim is to inform not only about errors in various software but also about ways of penetrating machines. The WLB idea was already formed in 2007 and the official launch of the base took place in March 2008. Its main moderators are members of SecurityReason.
The main objectives of creating the new source of information about errors were to dismiss the conservative manner of publishing information, as well as the elaborate details defining a given note. In contrast to the well-regarded SecurityAlert product, the WLB collection allows a broader range of information.
Should you have any queries, do not hesitate to contact us through the online form or by email at info()securityreason()com.