Firewall Wizards mailing list archives
Re: Open Source vs. Closed Source [ was Re: Firewall Throughput ]
From: dbell <dbell () bway net>
Date: Mon, 18 Sep 2000 15:54:28 -0400 (EDT)
No no no! Please don't do this. This brings a knee-jerk reaction and often doesn't give time for proper regression testing of fixes. In the meantime, the script kiddies can go blasting around to their hearts' content. Better to post a patch for the problem (if possible). That serves two purposes: make the problem known, and fix it at the same time.
That's fine, IF it motivates the vendor to fix the problem in some kind of "official" or "supported" way. As silly as it is, some of us work in environments where installing code from bugtraq on production systems is not acceptable. It has to come from the vendor, and must come with that vendor's willingness to support the code. I'm sure I'm not the only one in this boat.
Doesn't mean that that's the right way to do it. It means that the vendor has to take all of their resources that may be working on other important security issues and preempt them for a quick and dirty fix.
By giving the vendor plenty of lead time prior to publication, you will have given them ample time to deploy the necessary resources. If they have chosen not to do so for weeks or months, that's their problem. Especially if you post a fix (and sent them one when you made initial contact), there is simply no excuse for a vendor to let problems go unaddressed for extended periods.

--
Daniel Bell
Heuer's Law: Any feature is a bug unless it can be turned off.