
Mozilla: Hackers control bug disclosure


The software industry for years has pushed guidelines for vulnerability disclosure. Those "responsible disclosure" efforts have had some effect, but security researchers maintain control over the process, Mozilla security chief Window Snyder said in a panel discussion at the ShmooCon hacker event here.


"The researcher has all the power," Snyder said. "They control when they disclose it, and they control the idea whether or not the vendor responds in time."

Releasing vulnerability details has been a hot topic for years. The software industry advocates private disclosure of a bug and time to fix it before a researcher goes public, a practice the industry calls responsible disclosure. After all, early release could help criminals launch cyberattacks and damage a vendor's reputation.

Security researchers who follow the industry's guidelines are often frustrated by a lack of response from software makers.

Full Story.
