10:41 Publication discovered vulnerabilities the pros and cons | |
The idea to raise this subject was inspired by the utterances of one representative of one of the well-known firms producing software. Who is this - keep silent. Are the following: According to this representative, the publication of information about the found vulnerabilities in popular software products - is evil, because if the vulnerability is really critical, then it probably will have time to be exploited than to correct manufacturer. In this perspective, one enthusiast, finding a vulnerability, must notify the vendor and quietly wait for this bug fix. When this happens - no one knows, depends on the "employment" of the developer. I do not know how everyone thinks, but I think it is fundamentally wrong. Reputable firms have a staff of highly skilled programmers developers. They can focus on developing a new interface (with the old engine), to develop color menu bar, or to eliminate errors. What to do - work on the reliability or the phony marketing - this is a specific policy of the firm, and publishing security vulnerabilities in open sources will reveal the policy. If your product - Pink glamorous hack, full of bugs and holes - can produce a new version every day, but you will still eat up the competition. And it seems ridiculous that a group of programmers can not find in my code way to eliminate vulnerabilities faster than single-hacker - to write an exploit, and disseminate it. Can not quickly and efficiently run - off the market. Personally, I think that is quite normal to notify the developer of the found bugs, then if there is no clear answer or sluggish visual signal "yes, we know, will not change, because it is uninteresting and uncritically", three working days to publish it for everyone. I propose to discuss the topic in the comments. | |
|
| |
| Total comments: 0 | |