2002-10-09
Developers are accused of not publicizing the browser's security vulnerabilities enough. But do we really need world wide alerts for every bug?
Cool a unix/lenix guy preaching the same stuff as M$crud
2002-10-09
Twinker (3 replies)
Cool a unix/lenix guy preaching the same stuff as M$crud
2002-10-09
Rob John <rdrj@mindspring.com> (2 replies)
Mozilla's 'Code of Silence' Isn't
2002-10-10
Twinker (2 replies)
Mozilla's 'Code of Silence' Isn't
2002-10-11
XandreX (1 replies)

This is totally different from Mozilla where they have a list anyone can go check that lists all the security issues.
What he's saying is that the media then shotguns all these announcements with their media-ese thus offering no additional value from the security list that the Mozilla folks produce and regular folks see all these announcements--many of which don't mean what the media thinks they mean--and don't really know enough to grok it all. Thus the theory produced in this article is that this shotgun approach by the media and security researchers for disclosing security issues causes more harm than good.
The issue here is not that security issues should be disclosed, but the method in which they're disclosed by the media.
/will
Link to this comment: http://www.securityfocus.com/comments/columns/114/16765#16765