RHEL, kernel vulnerabilities, and days of risk
Posted Mar 28, 2005 17:16 UTC (Mon) by giraffedata
In reply to: RHEL, kernel vulnerabilities, and days of risk
Parent article: RHEL, kernel vulnerabilities, and days of risk
What you say would only be true if the only way to find out about the
vulnerability were from Microsoft.
You misread my comment. When I said "if Microsoft can keep vulnerabilities secret," I didn't mean if Microsoft can avoid telling people about them (though I understand that's sometimes what "keep secret" means). I meant if Microsoft can keep the vulnerabilities from becoming general knowledge.
To the extent that Microsoft can't do that, because other people find and expose the vulnerabilities, my comment doesn't apply.
But the article suggests that Microsoft can to some extent keep the vulnerabilities secret, because it says Microsoft lessens its "days of risk" measurement by not disclosing bugs.
to post comments)