2002-10-09
Developers are accused of not publicizing the browser's security vulnerabilities enough. But do we really need world wide alerts for every bug?
Cool a unix/lenix guy preaching the same stuff as M$crud
2002-10-09
Twinker (3 replies)
Cool a unix/lenix guy preaching the same stuff as M$crud
2002-10-09
Rob John <rdrj@mindspring.com> (2 replies)

> the system admin/net admin from doing their jobs.
The way I've seen things is that moz developers *always* disclose the bug, at least a short explanation, but, about some security bugs, the developer discussions which usually happen on bugzilla's bugpages are hidden to the public. Which means that to see how this bug is discussed, all you have to do is no non-public, i.e. contact one of the developers assigned to the bug and work for its solution. I guess that is not too difficult a task to do for someone willing to make things change about moz bugs, and yet hard enough so that people unable to understand what the bug is don't misunderstand it (and then propagate a false idea about the bug).
I think that is what columnist Jon Lasser is saying.
I'll give an example. Information is good, but if you don't have enough to understand the understatements then:
1/ it is useless
2/ or worse it can be harmful.
I shall give an example:
When you use a cellular telephone, your brain temperature increases to 1°C near the ear. Gosh, that's terrible, that's 3% increase! => Let's burn all cell phones.
BUT when you get all info, you also know that wearing a helmet (for instance if you drive a motorbike) your brain temperature can go up 2 or 3°C.
This points exactly to what the problem is: people that cannot relativize information shouldn't get it.
Link to this comment: http://www.securityfocus.com/comments/columns/114/16771#16771