Open Source and information security mailing list archives
 
Date: Sun May  8 10:02:41 2005
From: mailinglists at vanscherpenseel.nl (Vincent van Scherpenseel)
Subject: Firefox Remote Compromise Leaked

On Sunday 08 May 2005 10:14, Jason Coombs wrote:

> Nothing at all would have been gained by delaying disclosure, other than
> to give attackers a bigger window of opportunity to mount successful
> attacks and design new exploits that will launch successfully against a
> completely unprepared computing public.

Most of the time disclosure is delayed to allow the vendor to fix a security 
bug. If you find a security bug and give the vendor five days to fix it 
before you release the disclosure advisory there's a smaller chance that the 
vulnerability will be exploited by malicious people.

Full disclosure works because it forces vendors to actually fix a security 
problem, and delaying a disclosure for a couple of days doesn't hurt that way 
of working.

 - Vincent van Scherpenseel

-- 
http://vincent.vanscherpenseel.nl/
