RE: [suse-security] [Flame] A Disservice to the Linux Community
Very interesting debate, it's the first time I'm noticing that opensource devoted people agree with the meaning of Microsoft: http://www.heise.de/newsticker/data/lab-18.10.01-000/
I think that's taking it a bit too far. There is a little agreement between a part of the open source community and Microsoft that information on security vulnerabilities need not necessarily fulfil their maximum blessing when revealed to the general public the very moment they're discovered.

However, from what I remember of the MS article, Microsoft would rather have people never release vulnerability information as long as there's no vendor fix *and* a method of deployment to almost all 'customers'. That, of course, shows the direction MS wants to take and it's exactly what full disclosure is set to prevent: vendors keeping vulnerabilities secret, not doing anything about them and denying their existence until it is proven otherwise. This is very much different from 'responsible' conduct with security vulnerability information.

See Bruce Schneier's good article from last September on the window of exposure and full disclosure at: http://www.counterpane.com/crypto-gram-0009.html#1.

Cheers,
Tobias
When I go out and have the zippers of my trousers open, there is a difference between someone calling YOUR ZIPPERS ARE OPEN! and simply bringing my attention to this fact. There is also a difference between freedom and chaos: responsibility. The delay of information regarding this kernel patch has my support as well as the strive for totally open communication. Let's go on with the daily work.

Greetings
Michael
participants (2)
- Michael Zimmermann
- Reckhard, Tobias