信息安全漏洞

文章针对通过计算机USB、光驱、软驱、串并口、网络端口等进行窃密/泄密的信息安全漏洞和隐患，提出了一种软、硬件相结合的有效技术解决方案。

The paper presented a novel computer information security solution scheme by combining software and hard-ware way in order to prevent the potential security risk of computer information which is copied via USB interface , CD-ROM , floppy driver , serial and parallel interface , and network port .

2005年6月，美国爆发了由于信息安全漏洞的原因，造成4000万个客户信用卡帐户资料落入恶意黑客之手的重大泄密事件。

In June , 2005 , a serious event erupted as a result of security loophole , malicious hacker broke into system and credit card account information of 40 million customers was divulged in US .

博兰表示，如果阻止黑客参加公开赛事的目的是让黑客直接向国家信息安全漏洞库上报，这将造就出一个“重大威胁”，因为中国黑客将拥有利用大量漏洞的空间。

Mr Boland said that if the block on attending public contests was designed to have hackers report directly to the CNNVD it would create a " significant threat " because of the scope for Chinese hackers to exploit a huge pool of vulnerabilities .

现在中国黑客只能把发现的漏洞上报给软件供应商或安全部，而安全部“可能会通知供应商，也可能不通知”。从中国国家信息安全漏洞库（CNNVD）可以在一定程度上看出安全部的立场。

Now Chinese hackers could only take a discovery to the vendor or the Ministry " who might notify the vendor or might not . " MSS has already offered clues on its stance with its National Vulnerability database , CNNVD , a repository of known vulnerabilities in different software products .

比如，Overview主题的Flashesandalerts模块会包含这样的信息：安全漏洞、重要的补丁以及针对未知问题的解决方案。

For example , the Flashes and alerts module on the Overview topic contains information such as security vulnerabilities , critical patches , and solutions for known problems .

一种信息系统安全漏洞综合分析与评估模型的研究

A Research of Synthetically Analysis and Evaluation Model on Information System Security Vulnerability

利用漏洞扫描器及入侵检测系统的统计结果两方面信息，提出了应用模糊信息融合对安全漏洞进行定性评估的方法。

This paper made use of statistical results of vulnerability scanner and intrusion detection systems and presented method of qualitative evaluation of security vulnerability based on fuzzy data fusion .

当前各信息系统建设单位处于忙于封堵现有信息系统的安全漏洞，以致宏观安全体系研究上的投入严重不足。

Now constructors of various information systems are busy in amending security holes that already exist in the systems , so that their investments in researches , which treat security as an integral part of overall system , are very small .

编制信息系统安全管理机构和成员职责，提出信息系统安全管理制度的建设重点，以达到全面堵塞信息系统安全漏洞的目的。

Drawn up the information system safety control organization and the member responsibility , proposed construction main point of the information system safety control system , in order to achieve the comprehensive jamming information system security loophole the goal .