283 software vendors have fixed 921 vulnerabilities in their products thanks to High-Tech Bridge Security Research Lab.
Patch Available Upon Disclosure
| Quarter | Patch available upon disclosure |
|---|---|
| 2013 Q4 | 67% |
| 2013 Q3 | 77% |
| 2013 Q2 | 92% |
| 2013 Q1 | 100% |
| 2012 Q4 | 68% |
| 2012 Q3 | 69% |
Vendor Average Time to Patch
| Quarter | Vendor average time to patch |
|---|---|
| 2013 Q4 | 8 days |
| 2013 Q3 | 13 days |
| 2013 Q2 | 30 days |
| 2013 Q1 | 13 days |
| 2012 Q4 | 26 days |
| 2012 Q3 | 22 days |
High-Tech Bridge devotes significant internal resources to continuous security research. We strongly believe that security research is one of the main factors in maintaining the highest quality of our services. A part of our research is public and we are pleased to share our knowledge with the information security community via our Research page.
The first pillar of our public research is our security advisories, also known as HTB Advisories, which are both CVE- and CWE-compatible. They are provided on a non-profit basis with the goal of helping software vendors, including Microsoft, IBM, Novell, McAfee, Sony, HP, Samsung, OpenOffice, Corel, WordPress, Joomla, OpenX and hundreds of others, improve the security of their products.
High-Tech Bridge is also one of a number of organizations with CVE Identifiers.
Latest Security Advisories
- HTB23205: Cross-Site Scripting (XSS) in CMSimple
- HTB23204: Cross-Site Scripting (XSS) in Open Classifieds
- HTB23203: Cross-Site Scripting (XSS) in Ilch CMS
- HTB23202: Multiple Vulnerabilities in OpenDocMan
- HTB23199: Multiple Vulnerabilities in VideoWhisper Live Streaming Integration WP Plugin
- HTB23201: SQL Injection in AdRotate
- HTB23200: Multiple Cross-Site Scripting (XSS) in Seo Panel
- HTB23198: Multiple Vulnerabilities in Eventum
- HTB23197: SQL Injection in doorGets CMS
- HTB23196: Multiple SQL Injection Vulnerabilities in AuraCMS
The second pillar of our public research is White Papers and Security Publications that share our internal analyses and research topics with the industry.
Latest Security Publications and Presentations
- ImmuniWeb® Self-Fuzzer Firefox Extension
- Welcome to the World Wild Web [French]
- Fuzzing: An introduction to Sulley Framework
- CVE-2013-0804: Novell GroupWise Untrusted Pointer Dereference Exploitation
- Manipulating Memory for Fun & Profit
- In-Memory Fuzzing with Java
- CVE-2012-1535: Adobe Flash Player Integer Overflow Vulnerability Analysis
- The Growing Hacking Threat to Websites
- How to use PyDbg as a powerful multitasking debugger
- CVE-2012-1889: Security Update Analysis