Re: Public disclosure of discovered vulnerabilities

From: D. J. Bernstein (
Date: 05/15/05

Date: Sun, 15 May 2005 06:54:21 +0000 (UTC)

Nicol So wrote:
> The issue here is how the timing and manner of disclosing security
> vulnerabilities affect the user community.

In your analysis of the effects, you're ignoring the fact that shooting
the messenger reduces pressure on the designers and implementors who are
ultimately responsible for creating these security problems in the first
place. The impact of this long-term pressure is vastly more important
than any of the short-term issues you've mentioned.

> The discoverer cannot change history

Irrelevant. The problem is much larger than one historical error. The
problem is a gigantic _pattern_ of designers and implementors creating
security holes. Punishing designers and implementors for their mistakes
creates an incentive for them to be more careful in the future.

Your shoot-the-messenger attitude reduces the punishment, and therefore
reduces the incentive. You're seeing punishment as a bad thing because
you're ignoring the massive long-term benefits of the incentive.

---D. J. Bernstein, Associate Professor, Department of Mathematics,
Statistics, and Computer Science, University of Illinois at Chicago

Relevant Pages

  • RE: Charging customers on security
    ... The key issue would seem to be what the expected environment of a piece ... malicious attacks and to have designers whose ability to ... Subject: Charging customers on security ... I think your idea of layered security will work quite well. ...
  • Re: Somewhat off-topic: cloned, possibly hacked
    ... Oh, yeah, the answer is probably "The original designers of the ... Internet didn't pay attention to security". ... Which is part of the reason why I stopped paying attention to network ...
  • Re: Java vs JavaScript
    ... that it does not restrict you from doing anything potentially dangerous ... designers were in a tearing hurry at the time this stuff was set in stone). ... Agreed that JS gains some security from the fact that it just doesn't have the ... ability to touch as much as the Java runtime (assuming the application that ...
  • Re: A fossil makes a statement
    ... are not inherently secure just because they are VMs. ... Java designers choose a VM to achieve portability, not security. ...
  • Re: OT: First Amendment Repealed
    ... The press doesn't have a Top Secret security clearance. ... |> problems than just the press releasing it. ...