where many vulnerabilities are released to the public. This is in case the reporter goes public without you knowing it.
Also it's a good idea to look the list over and see what types of vulnerabilities are hitting applications. Don't just fix a single reported exploit and call it a day. Find out what else could be wrong security wise with your code and fix those issues as well.
Excellent point, onteria. To further your suggestion, if it's reported that some of your user-input variables aren't being escaped then you better check the rest of the unreported ones, too. And not just in that single file/controller/view/whatever! (EDIT: Or whatever the root-cause of the vulnerability is)
2 comments
[ 6.1 ms ] story [ 17.7 ms ] threadhttp://seclists.org/
where many vulnerabilities are released to the public. This is in case the reporter goes public without you knowing it.
Also it's a good idea to look the list over and see what types of vulnerabilities are hitting applications. Don't just fix a single reported exploit and call it a day. Find out what else could be wrong security wise with your code and fix those issues as well.