Not logged in
Log in now
Create an account
Subscribe to LWN
An unexpected perf feature
LWN.net Weekly Edition for May 16, 2013
A look at the PyPy 2.0 release
PostgreSQL 9.3 beta: Federated databases and more
LWN.net Weekly Edition for May 9, 2013
Speaking with code
Posted Jul 25, 2009 1:36 UTC (Sat) by dlang (✭ supporter ✭, #313)
the fact that that fix didn't solve all possible aspects of this problem is unfortunate, but not more than that (you didn't see the implications at that time or you would have made more of a fuss then)
by the way, I do think that there are times when it's necessary to develop exploits, I don't remember exactly which thing, but within the last few months there was some exploit (I think DNS) where there were reports of people looking at the flaw and saying 'they managed to make an exploit of _that_???'
and I do think that if a vendor does not respond in a reasonable time there is a need to shame them (the bad guys aren't going to remain ignorant of the exploit forever, especially if the good guys are talking about it)
however I strenuously disagree with the people who believe that full public disclosure with exploit code should be the first step
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds