
Vendor Approaches to Software Security Disclosure and Public Criticism

Indeed, many vendors, network administrators and security companies adopt a policy of less-is-more when it comes to the question of how much information to release to the public about a particular software bug, exploit or attack.

The reasoning goes something like this: If they release too many details, not only will they give hackers more ammunition for their attacks, but also -- and more importantly for the vendor whose software or standard was breached -- they'll open themselves up to public scrutiny and criticism.

Microsoft Corp., for example, is notoriously tight-lipped about security flaws in its products, but usually takes a beating in the press nonetheless any time a bug is found.

The link for this article located at ZDNet / eWeek is no longer available.
