To: Bush2000
I'm not wild about people releasing vulnerabilities before a patch is available, but this does seem to be rather slow in coming....
15 posted on
11/26/2003 1:59:52 PM PST by
general_re
(Take away the elements in order of apparent non-importance.)
To: general_re
I'm not wild about people releasing vulnerabilities before a patch is available, but this does seem to be rather slow in coming....
I agree. There really ought to be a standard for the length of time that's acceptable for security researchers to hold back reporting a problem. Eight weeks does seem like a long time but, if it's a complicated fix, that needs to be taken into account.
19 posted on
11/26/2003 2:07:39 PM PST by
Bush2000
To: general_re
"I'm not wild about people releasing vulnerabilities before a patch is available, but this does seem to be rather slow in coming...."
If the company knows about the vulnerability, you can bet that its already well known in the underground, so it helps no one to keep it secret, by letting more people in on it someone might come up with a solution faster.
78 posted on
11/29/2003 7:30:08 AM PST by
battousai
(Coming Soon to an election near you: Pasty White Hillary and the Nine Dwarfs!)
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson