[pchelpers] News:Mozilla: Hackers control bug disclosure
- From: John Durham <john.modec@xxxxxxxxxx>
- To: PC-Helpers <pchelpers@xxxxxxxxxxxxx>
- Date: Mon, 26 Mar 2007 13:39:05 +1200
By Joris Evers, CNET News.com | 2007/03/26 06:59:01

Software makers are at the mercy of bug hunters when it comes to flaw
disclosure, Mozilla's security chief said on Saturday.

The software industry for years has pushed guidelines for vulnerability
disclosure. Those "responsible disclosure" efforts have had some effect,
but security researchers maintain control over the process, Mozilla
Security Chief Window Snyder said in a panel discussion at the ShmooCon
hacker event here.

"The researcher has all the power," Snyder said. "They control when they
disclose it, and they control the idea whether or not the vendor
responds in time."

Security researchers who follow the industry's guidelines are often
frustrated by a lack of response from software makers. Another frequent
point of criticism is the time it takes for a fix to be released and for
the researcher to get credit in a security alert.

"Vendors have a real responsibility to respond to what's reported to
them," said Snyder, who previously worked at Microsoft.

But not everyone buys into responsible disclosure. It is a trap set by
software makers, said panel member Dave Aitel, of security software firm
Immunity. "Responsible disclosure is a marketing term," he said.
"Responsible disclosure plays into the hands of Microsoft and other big
vendors ... they are trying to control the process."

More here:
http://www.builderau.com.au/news/soa/Mozilla_Hackers_control_bug_disclosure/0,339028227,339274482,00.htm?feed=rss
--
John Durham
Site http://modecideas.com
Server hosted on Ubuntu 4.10
Good advice is like good paint. It only works when applied.