Re: Public disclosure of discovered vulnerabilities
From: D. J. Bernstein (djb_at_cr.yp.to)
Date: Sun, 15 May 2005 21:48:49 +0000 (UTC)
Nicol So wrote:
> Please stop mischaracterizing my position as "shooting the messenger".
You said that ``public announcement of a vulnerability'' would
``increase the risk'' to users. That's shooting the messenger.
Anyway, the terminology doesn't matter. What matters is that you're
ignoring the ultimate source of harm, namely the designers and
implementors who created the security problem in the first place.
---D. J. Bernstein, Associate Professor, Department of Mathematics,
Statistics, and Computer Science, University of Illinois at Chicago