#qualys

#qualys

Thakar said that things needed to change in the cyber security world. "Continuing in the way that we have where we would scan every week or two and those scans were dumped somewhere on a hard drive somewhere and then someone goes and triages those manually and then you try to fix everything that comes your way - that approach is not really a success," he said. "Continuing that approach is just not in the future."

These race conditions allow a local attacker to exploit a SUID program and gain read access to the resulting core dump, explains Qualys product manager Saeed Abbasi.