
When Is It Right To Go Public With Security Flaws?

nk497 writes "When it comes to security flaws, who should be warned first: users or software vendors? The debate has flared up again, after Google researcher Tavis Ormandy published a flaw in Windows Support. As previously noted on Slashdot, Google has since promised to back researchers that give vendors at least 60 days to sort out a solution to reported flaws, while Microsoft has responded by renaming responsible disclosure as 'coordinated vulnerability disclosure.' Microsoft is set to announce something related to community-based defense at Black Hat, but it's not likely to be a bug bounty, as the firm has again said it won't pay for vulnerabilities. So what other methods for managing disclosures could the security industry develop, that balance vendors' need for time to develop a solution and researchers' needs to work together and publish?"
  • Never (Score:4, Funny)

    by SeriouslyNoClue ( 1842116 ) on Tuesday July 27, 2010 @10:30AM (#33044686)
    Time after time it's been proven that the safest security is the security that is shrouded in the most mystery. Why can't anyone hack Windows 7? Because it's new and no one knows how it works. People like Ormandy are a bane to the community because they steal code from Microsoft (there is no other way they could know about these flaws) and then once they've stolen it, they release it for virus writers to hurt the common man. They are a public enemy and I'd suspect he has contacts inside Microsoft (if you're reading this Steve Ballmer, I suggest you begin purging those who doubt you and those closest to you).

    I cannot believe Google would show support to someone who is most obviously a criminal aiding and abetting other criminals.

    Nobody wants their source code shown to malware writers for obvious reasons so let Microsoft have its privacy. Why do individuals get privacy rights but not Microsoft? Did you ever stop to think about that? No, you didn't, because you were too busy helping the bad guys.

    You should never reveal a security flaw. It's called common sense about safety and protecting everyone around you.
  • by Lehk228 ( 705449 ) on Tuesday July 27, 2010 @11:08AM (#33045262) Journal
    so do the right thing and post details on 4chan, make sure to use 7 proxies
