Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: How much time is appropriate for fixing a bug?

From: Philipp Hagemeister <phihag () phihag de>
Date: Fri, 06 Jul 2012 12:35:27 +0200
Realistically, it will take at least a month to go from security to
development through QA and release (in your case probably twice, because
it may have to go through the carrier's QA/release). Wikipedia says 5
months: http://en.wikipedia.org/wiki/Responsible_disclosure

- Philipp


On 07/04/2012 10:49 PM, Jann Horn wrote:

After having reported a security-relevant bug about a smartphone, how long would
you wait for the vendor to fix it? What are typical times?

I remember telling someone about a security-relevant bug in his library some time
ago - he fixed it and published the fixed version within ten minutes. On the
other hand, I often see mails on bugtraq or so in which the given dates show that
the vendor took maybe a year or so to fix the issue...



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: