2006-03-07
There is value in finding vulnerabilities. Yet many people believe that a vulnerability doesn't exist until it is disclosed to the public. We know that vulnerabilities need to be disclosed, but what role do vendors have in making these issues public?
The value of vulnerabilities
2006-03-08
Omar A. Herrera (2 replies)
Re:Good Points
2006-03-08
R_U_Trustified (2 replies)
Re: Re:Good Points
2006-03-09
Matthew Murphy (1 replies)
Re: Re: Re:Good Points
2006-03-14
Robert E. Lee (1 replies)

Without the exploit, the end-user cannot test their systems for susceptibility to the vulnerability. Also, the advisory will be looked on with skepticism until it is provable with the exploit.
There is no universal good answer to this problem, but in the end I side with the "more information is better" crowd. At least with the information flowing, those who want to be informed can be.
Those in the dark will be compromised either way.
Robert E. Lee
Dyad Security
Link to this comment: http://www.securityfocus.com/comments/columns/391/33314#33314