A bug a day certainly won’t keep the hackers away – not after a security researcher has pledged to publish information about a new web browser vulnerability each day during July.
H.D. Moore, creator of the well-known Metasploit toolkit – an open-source platform for developing, testing and using exploit code – said on his blog that he decided to embark on the mission "to create awareness about the types of bugs that plague modern browsers and to demonstrate the techniques used to discover them."
Moore, who is calling the initiative the "Month of Browser Bugs" project, said the 31 bug details will not lead hackers to exploit code.
"The hacks we publish are carefully chosen to demonstrate a concept without disclosing a direct path to remote code execution," said Moore, a founder of risk assessment firm Digital Defense.
So far, he has published information concerning four Internet Explorer bugs, one Mozilla Firefox flaw and an Apple vulnerability. Moore said he reported the four Microsoft bugs to the software giant on March 6 and plans to report the Mozilla and Apple flaws to the Open Source Vulnerability Database.
Don Leatham, director of solutions and strategy at PatchLink, said he supports Moore's project but encourages him to responsibly report all vulnerabilities he discovers.
"PatchLink is supportive of HD Moore's effort to bring to light the importance of on-going security to ensure networks are protected at all times. If he is successful in his efforts, it will be a proof-point that we are still a long way from being able to consider network security a 'solved problem,'" Leatham said. "We highly encourage any person(s) or entity that discovers a vulnerability to responsibly report it to the software vendor as soon as possible, including holding back public release of any information that could be used to build an exploit until well after a patch has been released."