LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Speaking with code

Speaking with code

Posted Jul 25, 2009 1:36 UTC (Sat) by dlang (✭ supporter ✭, #313)
In reply to: Speaking with code by spender
Parent article: Quotes of the week

but if you pointed out a problem and they implemented a fix, doesn't that indicate that they care and are interested in fixing the problems?

the fact that that fix didn't solve all possible aspects of this problem is unfortunate, but not more than that (you didn't see the implications at that time or you would have made more of a fuss then)

by the way, I do think that there are times when it's necessary to develop exploits, I don't remember exactly which thing, but within the last few months there was some exploit (I think DNS) where there were reports of people looking at the flaw and saying 'they managed to make an exploit of _that_???'

and I do think that if a vendor does not respond in a reasonable time there is a need to shame them (the bad guys aren't going to remain ignorant of the exploit forever, especially if the good guys are talking about it)

however I strenuously disagree with the people who believe that full public disclosure with exploit code should be the first step

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds