Date: Tue, 15 Sep 2009 16:32:27 -0700 (PDT) From: James Phillips <anti_spam256@yahoo.ca> To: freebsd-questions@freebsd.org Subject: Re: freebsd-questions Digest, Vol 276, Issue 5 Message-ID: <397697.56713.qm@web65504.mail.ac4.yahoo.com> In-Reply-To: <20090915192353.08EFB1065696@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
=0A> =0A> Message: 15=0A> Date: Tue, 15 Sep 2009 14:13:17 -0400=0A> From: J= erry <gesbbb@yahoo.com>=0A> Subject: Re: reporter on deadline seeks comment= about=0A> reported=0A> =A0=A0=A0 security bug in FreeBSD=0A> To: freebsd-q= uestions@freebsd.org=0A> Message-ID: <20090915141317.7a41b042@scorpio.seibe= rcom.net>=0A> Content-Type: text/plain; charset=3DUS-ASCII=0A> =0A> On Tue,= 15 Sep 2009 13:18:29 -0400=0A> Bill Moran <wmoran@potentialtech.com>=0A> w= rote:=0A> =0A<SNIP!>=0A> =0A> The fact is, that you do in fact notify me. K= eeping=0A> important security=0A> information secret benefits no one, excep= t for possibly=0A> those=0A> responsible for the problem to begin with who = do not want=0A> the=0A> knowledge of the problem to become public. A multit= ude of=0A> software,=0A> such as Mozilla, publish known security holes in t= heir=0A> software.=0A> The ramifications of allowing a user to actively use= a=0A> piece of=0A> software when a known bug/exploit/etc. exists within it= is=0A> grossly=0A> negligent.=0A> =0A=0AThe important question is: known= by whom?=0AEvery reviewer brings their own bias and experience. The code h= as not been "proven correct," so there is not reason to assume that a Black= -hat will find the same bug/exploit. If there are more than about 3 unknown= exploits, they are more likely to find a different one.=0A=0AIMO, Mozilla = is a bad example. I've been bitten by (non-security) bugs going back to 1.5= or earlier. Disclosure: I still prefer Lynx.=0A=0A=0A<SNIP!>=0A=0A> =0A=0A= =0A __________________________________________________________________= =0AThe new Internet Explorer=AE 8 - Faster, safer, easier. Optimized for Y= ahoo! Get it Now for Free! at http://downloads.yahoo.com/ca/internetexplor= er/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?397697.56713.qm>