Mozilla: Hackers control bug disclosure

The software industry for years has pushed guidelines for vulnerability disclosure. Those "responsible disclosure" efforts have had some effect, but security researchers maintain control over the process, Mozilla security chief Window Snyder said in a panel discussion at the ShmooCon hacker event here.

"The researcher has all the power," Snyder said. "They control when they disclose it, and they control the idea whether or not the vendor responds in time."

Releasing vulnerability details has been a hot topic for years. The software industry advocates private disclosure of a bug and time to fix it before a researcher goes public, a practice the industry calls responsible disclosure. After all, early release could help criminals to launch cyberattacks and damage a vendor's reputation.

Security researchers who follow the industry's guidelines are often frustrated by a lack of response from software makers.
