
When Is It Right To Go Public With Security Flaws?

July 27th, 2010 07:20 admin

nk497 writes “When it comes to security flaws, who should be warned first: users or software vendors? The debate has flared up again, after Google researcher Tavis Ormandy published a flaw in Windows Support. As previously noted on Slashdot, Google has since promised to back researchers that give vendors at least 60 days to sort out a solution to reported flaws, while Microsoft has responded by renaming responsible disclosure as “coordinated vulnerability disclosure.” Microsoft is set to announce something related to community-based defence at Black Hat, but it’s not likely to be a bug bounty, as the firm has again said it won’t pay for vulnerabilities. So what other methods for managing disclosures could the security industry develop that balance vendors’ need for time to develop a solution and researchers’ needs to work together and publish?”

Source: When Is It Right To Go Public With Security Flaws?
