Mailinglist Archive: opensuse-security (195 mails)

< Previous Next >
RE: [suse-security] Security announcements
  • From: "Paxton, Michael" <michael.paxton@xxxxxxxxxxx>
  • Date: Mon, 6 Mar 2000 11:50:59 +1100
  • Message-id: <EC943C5D0768D311AF8A00805F85B83E041733@xxxxxxxxxxxxxxxxxx>


> On Mon, 6 Mar 2000, Jussi Laako wrote:
>
> > I'm viewing it from statistical point of view. Let's say that 10
> crackers
> > know about the vulnerability (if we don't announce it to whole world),
> it's
> > not very likely that YOUR system gets hacked. But if we announce it,
> then
> > about 1000 or 10000 crackers will know about it. Now it's much more
> likely
> > that YOUR system gets hacked?
>
Just an observation, but if 10 crackers know of a vulnerability then
pretty soon it will be on a web site somewhere and the 1000, 10000 or 100000
will be just around the corner. They certainly wont feel any need to be
discrete about it.
It is certainly something that needs to be kept in mind when
formulating a bug alert policy..



< Previous Next >
This Thread
  • No further messages