Firefox buffer overflow and full disclosure
Posted Oct 10, 2005 1:47 UTC (Mon) by turpie
In reply to: Firefox buffer overflow and full disclosure
Parent article: Firefox buffer overflow and full disclosure
That's a very poor analogy. Such a fire hazard could result in legitimate users accidentally creating a life-threatening disaster. Hardly similar to a security bug in a web browser.
Most users would be unable to create their own patches to fix a security hole, and unlikely to want to go to the hassle of swapping to another program if their preferred choice of program is likely to be fixed in a couple of days. I believe developers should be notified of the bug and told that they would have no more than 14 days to fix the problem before it is made public. The developers would then have time to fix or work around the bug, test and release an update before the blackhats were informed. If the developers didn't respond in time then that fact should be a part of the security disclosure so the users may be better informed and can then change their software preferences.