Language Selection

English French German Italian Portuguese Spanish

Mozilla: Hackers control bug disclosure

Filed under
Moz/FF

The software industry for years has pushed guidelines for vulnerability disclosure. Those "responsible disclosure" efforts have had some effect, but security researchers maintain control over the process, Mozilla security chief Window Snyder said in a panel discussion at the ShmooCon hacker event here.

The software industry for years has pushed guidelines for vulnerability disclosure. Those "responsible disclosure" efforts have had some effect, but security researchers maintain control over the process, Mozilla security chief Window Snyder said in a panel discussion at the ShmooCon hacker event here.

"The researcher has all the power," Snyder said. "They control when they disclose it, and they control the idea whether or not the vendor responds in time."

Releasing vulnerability details has been hot topic for years. The software industry advocates private disclosure of a bug and time to fix it before a researcher goes public, a practice the industry calls responsible disclosure. After all, early release could help criminals to launch cyberattacks and damage a vendor's reputation.

Security researchers who follow the industry's guidelines are often frustrated by a lack of response from software makers.

Full Story.

More in Tux Machines

Linux Kernel 3.19-Rc6 Released


Linux Kernel 3.19-Rc6 Released

One more rc released today shortening time period for the final release. Each release sees a new changes and fixes and this one is slightly smaller but as always better.
 
 
 
 
 
 

Read at LinuxAndUbuntu

Ubuntu Flavors 15.04 Vivid Vervet Alpha 2 Released


Picture

Ubuntu flavors 15.04 alpha 2 has been released for testing. Ubuntu Unity does not take part in the alpha releases. Flavors like Kylin, Ubuntu Gnome, Lubuntu and Kubuntu alpha 2 relases are available.



Read at LinuxAndUbuntu

MBARI testing the waters with open source camera

“There is a movement to have open source oceanographic equipment,” said Chad Kecy, lead designer and MBARI engineer. “Anyone could take our designs and modify them for specific needs they have. It’s just a less expensive and easier way of getting cameras in the water.” Read more

Fixing unperceived errors in my X Windows configuration

Last week I decided to bite the bullet and upgrade X Windows to the latest version available in the main Portage tree. After rebooting, X Windows, GLX and Direct Rendering worked fine as usual. So everything was good. Well, not quite. Although the installation was working properly, there were still some long-standing messages in the X.Org log file that indicated my installation was not configured completely correctly. I had ignored them for too long and resolved to find their causes and eliminate them. Here is what I did.

Read more