Just a reminder why we love open source the way we do. "Network managers who administer Novell's newest version of GroupWise are scrambling to fend off a bug that can severely compromise network security and e-mail systems. However, Novell is not telling administrators what the bug is or how to duplicate it, saying that it wants to give customers time to patch their systems before anyone can exploit the vulnerability.. . .
Just a reminder why we love open source the way we do. "Network managers who administer Novell's newest version of GroupWise are scrambling to fend off a bug that can severely compromise network security and e-mail systems. However, Novell is not telling administrators what the bug is or how to duplicate it, saying that it wants to give customers time to patch their systems before anyone can exploit the vulnerability.

"If you look at divulging details about a security issue out in public, then having customers do a firefight to get their systems updated, it's an impossible task for them to do that," says Paul Turner, director of product management at Novell. "We're taking some hits on this because we are literally asking network managers to go against their nature" and apply the patch without full knowledge of the problem.

Chris O'Brien, network manager for Olivet Nazarene University in Bourbonnais, Ill., is suspicious of Novell's advice.

"If the patch actually fixes a serious security problem, I have no problem putting it on as soon as possible," says O'Brien. "What does make me hesitate is the urgency combined with the secrecy of the problem. Applying a fix without knowing what it will do, makes me nervous."

While most network managers don't want to ignore Novell's advice, they say Novell is wrong to not tell them the impact the bug will have on their systems.

The link for this article located at NWFusion is no longer available.