funsec mailing list archives

Re: Security research vuln pimps


From: der Mouse <mouse () rodents-montreal org>
Date: Mon, 26 Apr 2010 16:47:31 -0400 (EDT)

> If you tell the world about a flaw in operational software/hardware,
> you increase the pool of threat agents that know about it, increase
> the likelihood they will attack, and increase the chance they will
> be successful.

True...as far as it goes.

Oddly enough, you also increase the pool of people competent to fix the
issue, increase the likelihood it will be fixed promptly, and increase
the likelihood that workarounds will be deployed in cases where they
can be.

Which outweighs the other?  That depends.  But pretending the good
effects don't exist makes about as much sense as other people
pretending the bad effects don't exist.  Neither one matches reality,
and taking actions based on beliefs that disagree with reality is not a
good way to get the results you want.

/~\ The ASCII                             Mouse
\ / Ribbon Campaign
 X  Against HTML                mouse () rodents-montreal org
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

