Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
Mozilla's 'Code of Silence' Isn't
Jon Lasser, 2002-10-09

Developers are accused of not publicizing the browser's security vulnerabilities enough. But do we really need world wide alerts for every bug?

Comments Mode:
Cool a unix/lenix guy preaching the same stuff as M$crud 2002-10-09
Twinker (3 replies)
Cool a unix/lenix guy preaching the same stuff as M$crud 2002-10-09
Rob John <rdrj@mindspring.com> (2 replies)
Cool a unix/lenix guy preaching the same stuff as M$crud 2002-10-10
JTM
My point was.... 2002-10-10
Twinker (1 replies)
Nothing's hidden 2002-10-15
Anonymous (1 replies)
Nothing's hidden 2002-10-15
Karl
Cool a unix/lenix guy preaching the same stuff as M$crud 2002-10-15
Jason
Cool a unix/lenix guy preaching the same stuff as M$crud 2002-10-16
DaveHowe
Mozilla's 'Code of Silence' Isn't 2002-10-09
Chad Loder
Mozilla's 'Code of Silence' Isn't 2002-10-10
Jon Lasser (2 replies)
Mozilla's 'Code of Silence' Isn't 2002-10-11
Sam
Mozilla's 'Code of Silence' Isn't 2002-10-16
Serge Wroclawski
Mozilla's 'Code of Silence' Isn't 2002-10-10
Anonymous
Mozilla's 'Code of Silence' Isn't 2002-10-10
Twinker (2 replies)
Mozilla's 'Code of Silence' Isn't 2002-10-11
XandreX (1 replies)
Mozilla's 'Code of Silence' Isn't 2002-10-11
Anonymous (2 replies)
Mozilla's 'Code of Silence' Isn't 2002-10-11
Rob
Mozilla's 'Code of Silence' Isn't 2002-10-14
Anonymous
Mozilla's 'Code of Silence' Isn't 2002-10-15
Anonymous
Mozilla's 'Code of Silence' Isn't 2002-10-11
Paul
I suppose if someone accidently left their door unlocked one morning, and you had a choice between phoning him at work to tell him, and announcing on the radio that Joe Bloggs in number 14 had left his door unlocked, only one of these would seem reasonable.

If Joe didn't bother doing anything about it for ages, and if he was storing something for friends of yours, then there might be a case for wider disclosure.

But in principle it seems reasonable to allow a *reasonably limited* amount of time for a fault to be fixed before making all details of the problem (and how to exploit it) public.

P.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/114/16781#16781
Mozilla's 'Code of Silence' Isn't 2002-10-12
Anonymous
Mozilla's 'Code of Silence' Isn't 2002-10-12
Anonymous
Practice what you preach 2002-10-13
Anonymous
Mozilla's 'Code of Silence' Isn't 2002-10-13
Anonymous
Mozilla's 'Code of Silence' Isn't 2002-10-16
Anonymous







 

Privacy Statement
Copyright 2009, SecurityFocus