Relation between disclosure and risk

Posted Sep 17, 2005 3:08 UTC (Sat) by vonbrand (subscriber, #4458)
In reply to: Firefox buffer overflow and full disclosure by RobSeace
Parent article: Firefox buffer overflow and full disclosure

It is not so simple... The risk is a growing function of how many black hats know about the problem. So, the disclosure increases risk, as black hats as a whole are rather secretive about their exploits. On the other hand, knowing about the risk helps with taking countermeasures, and so decreases risk. It simply isn't clear which of the two tendencies wins out. I'd wager that most users just rely on the "automatic upgrade" of their software, so public disclosure (somewhat) synchronized with the patch release schedule of the vendors should minimize risk.


(Log in to post comments)

Relation between disclosure and risk

Posted Sep 17, 2005 15:39 UTC (Sat) by RobSeace (subscriber, #4435)

Sure, most users are lazy/ignorant, and may not do anything to protect themselves even when informed... But, does that mean those of us who are NOT lazy and ignorant, and who are willing to take whatever measures necessary to protect ourselves, should be kept in the dark, and put at increased risk, simply to protect the lazy and ignorant users?? I'm sorry, but I don't accept that... I think everyone should be given the chance to protect themselves, and if they fail to take it, well, that's their own choice...

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds