
Mozilla: Hackers control bug disclosure


The software industry for years has pushed guidelines for vulnerability disclosure. Those "responsible disclosure" efforts have had some effect, but security researchers maintain control over the process, Mozilla security chief Window Snyder said in a panel discussion at the ShmooCon hacker event here.


"The researcher has all the power," Snyder said. "They control when they disclose it, and they control the idea whether or not the vendor responds in time."

Releasing vulnerability details has been a hot topic for years. The software industry advocates private disclosure of a bug and time to fix it before a researcher goes public, a practice the industry calls responsible disclosure. After all, early release could help criminals launch cyberattacks and damage a vendor's reputation.

Security researchers who follow the industry's guidelines are often frustrated by a lack of response from software makers.

Full Story.
