Re: Public disclosure of discovered vulnerabilities

From: D. J. Bernstein (djb_at_cr.yp.to)
Date: 05/15/05

  • Next message: Joe Peschel: "Re: Public disclosure of discovered vulnerabilities"
    Date: Sun, 15 May 2005 21:48:49 +0000 (UTC)
    
    

    Nicol So wrote:
    > Please stop mischaracterizing my position as "shooting the messenger".

    You said that ``public announcement of a vulnerability'' would
    ``increase the risk'' to users. That's shooting the messenger.

    Anyway, the terminology doesn't matter. What matters is that you're
    ignoring the ultimate source of harm, namely the designers and
    implementors who created the security problem in the first place.

    ---D. J. Bernstein, Associate Professor, Department of Mathematics,
    Statistics, and Computer Science, University of Illinois at Chicago


  • Next message: Joe Peschel: "Re: Public disclosure of discovered vulnerabilities"