lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
From: dveditz at (Daniel Veditz)
Subject: FIREFOX flaws: nested array sort() loop Stack
 overflow exception

Jose Nazario wrote:
> benefits of forcing/encouraging registration include:
> 	- garaunteed line of followup
> 	- reduced spam quantities in bugzilla
> 	- at leasta cutofof "i care enough to ..."

Currently more than half of the bugs that do get filed end up wasting time
rather than helping (duplicates, invalid, already fixed in a newer version,
no one else can reproduce). These are not minor benefits, the situation
would be far worse with drive-by bug reporting.

> still, you're losing more than you may expect. i know i've failed to file
> bug reports (non-security related) for mozilla products due to this "speed
> bump".

It is a real problem, knowing where to draw the line is hard. For people who
don't wish to get as involved there are other places bugs could be reported
more informally (newsgroups, web forums, irc) and other volunteers would
most likely file the bugs for you if they can be reproduced.

-Dan Veditz

Powered by blists - more mailing lists