[pchelpers] Re: News:Mozilla: Hackers control bug disclosure
- From: John Durham <john.modec@xxxxxxxxxx>
- To: pchelpers@xxxxxxxxxxxxx
- Date: Mon, 26 Mar 2007 13:42:24 +1200
John Durham wrote:
> By Joris Evers, CNET News.com | 2007/03/26 06:59:01
>
> Software makers are at the mercy of bug hunters when it comes to flaw
> disclosure, Mozilla's security chief said on Saturday.
>
> The software industry for years has pushed guidelines for vulnerability
> disclosure. Those "responsible disclosure" efforts have had some effect,
> but security researchers maintain control over the process, Mozilla
> Security Chief Window Snyder said in a panel discussion at the ShmooCon
> hacker event here.
>
> "The researcher has all the power," Snyder said. "They control when they
> disclose it, and they control the idea whether or not the vendor
> responds in time."
>
> Security researchers who follow the industry's guidelines are often
> frustrated by a lack of response from software makers. Another frequent
> point of criticism is the time it takes for a fix to be released and for
> the researcher to get credit in a security alert.
>
> "Vendors have a real responsibility to respond to what's reported to
> them," said Snyder, who previously worked at Microsoft.
>
> But not everyone buys into responsible disclosure. It is a trap set by
> software makers, said panel member Dave Aitel, of security software firm
> Immunity. "Responsible disclosure is a marketing term," he said.
> "Responsible disclosure plays into the hands of Microsoft and other big
> vendors ... they are trying to control the process."
>
> More here:
> http://www.builderau.com.au/news/soa/Mozilla_Hackers_control_bug_disclosure/0,339028227,339274482,00.htm?feed=rss
This is a special one for Scott, who doesn't like bad articles.
--
Regards, John Durham <http://modecideas.com/contact.html?sig>
Fax/Phone 64 4 5286786
Award winning web site at http://modecideas.com?sig
Server hosted on Ubuntu 4.10
PC-HELPERS list subscribe/unsub at http://modecideas.com/discuss.htm?sig
Good advice is like good paint- it only works if applied.