Re: Public disclosure of discovered vulnerabilities

From: Bryan Olson (fakeaddress_at_nowhere.org)
Date: 05/18/05


Date: Wed, 18 May 2005 03:27:21 GMT

Stephen Sprunk wrote:
[...]
> In contrast, one vendor I worked with would fix security bugs and ship
> patches (without telling customers what they fixed) as quickly as
> possible but request that the person discovering it withhold public
> release until (a) an exploit was seen in the wild or (b) six months
> elapsed. The latter almost always held and so by the time they
> announced the vulnerability, nearly all of their customers were already
> running patched software. This is about the best response I can
> imagine.

Seen better:

    http://www.mozilla.org/security/bug-bounty.html

-- 
--Bryan


Relevant Pages

  • spork We pursue the sour desert.
    ... evaluations, do you ship them? ... Plenty of commissions will be enormous afraid receivers. ... request after Byron perceives the partial refuge's grammar? ...
    (rec.games.roguelike.nethack)
  • Re: Need help with a complex data set
    ... Are you saying that you MUST eliminate the duplication in a query? ... time from a request to ship an order and the time it actually ships. ... next day then that first request was fullfilled. ...
    (microsoft.public.access.queries)
  • Re: Need help with a complex data set
    ... Are you saying that you MUST eliminate the duplication in a query? ... What is it that a query does that a report doesn't, ... time from a request to ship an order and the time it actually ships. ...
    (microsoft.public.access.queries)
  • Re: Writing PDF from Word (was: Re: concatenating PDFs)
    ... No, we don't ship physical boxes at this time, but we do ship CDs on ... triggered the original request), and I'm sure those needing more will ... our website (as PDF). ...
    (borland.public.delphi.thirdpartytools.general)
  • Re: Need help with a complex data set
    ... time from a request to ship an order and the time it actually ships. ...   tblOrderRequests.VisualOrderID, ... next day then that first request was fullfilled. ...
    (microsoft.public.access.queries)