Please write your responses in NON-BOLD text.
Q1. What distinct states does a vulnerability transition through?
Q2. Study Figure 1, then comment on why a person would expect this graph regarding Discovery, Disclosure, and Patch Released.
Q3. What purposes does Bugtraq serve?
Q4. What is Phf and how did attackers gain access to the root user level in the Phf incident?
Q5. a. What is IMAP?
b. What are the two attack types that caused a buffer overflow in IMAP?
Q6. a. What is the purpose of BIND?
b. How was a buffer overflow created in BIND?
Q7. Compare Figure 4 – IMAP histogram and Figure 5 – BIND histogram. Why are there such great differences in the two graphs?
Q8. Explain the two positions titled “The Great Debate.”
Q9. Patches for the three vulnerabilities in this case study were available. Comment on why attacks still happened. Also, discuss “active management.”
Q10. What are the benefits of independent auditing in regard to active systems management?