Photo: Sergei Karpukhin / Reuters
The national vulnerability database Russia is slowly filled up and is incomplete. To such conclusion analysts of the company Recorded Future. The study is published in the blog of the organization.
Experts analyzed the database of security threats to information published on the website of the Federal service for technical and export control (FSTEC). According to experts, the list is populated with only 10 percent of the known vulnerabilities. If that record is displayed with a large delay: 83 days later than in identical list of China, and 50 — than in the us.
Another disadvantage is considered to be extremely slow, the occupancy rate for the five years of existence of the database only in 2015 the number of new records reached 12 thousand. In other years their number did not exceed three or four thousand. The list is updated largely by using the feedback form.
Experts have criticized the organization that leads the base. The Federal service for technical and export control, they believe, is responsible for protecting state secrets, and also supports the intelligence services as subordinate of the Ministry of defense. It gave them reason to believe that the base consists mainly of vulnerabilities used “goshikinuma”.
FSTEC also populates a database of vulnerabilities, which primarily pose a threat to the Russian state information systems. This gives the researchers data on what technologies, hardware and software used in networks of the Russian government.
The methods applied were already used in the analysis of national databases vulnerabilities of China and the United States. Those were created a few years earlier and differ in the frequency of occupancy rates and great coverage.
Video, photo All from Russia.