Between Torvalds' attitude of not elaborating on security bugs and the security expert attitude of fully explaining the bugs sooner rather than later, an intermediate attitude would be to comment on security bugs gradually and in depth once the patches have been applied by a reasonable fraction of users. LWN editorials make a great contribution in this direction. Not commenting on bugs prevents developers from learning in the long term, and commenting on bugs too early damages Linux security reputation.
Posted Jan 31, 2012 5:45 UTC (Tue) by malor (subscriber, #2973)
and commenting bugs too early damages Linux security reputation.
A better summation would be tells the truth, and we can't have users knowing the TRUTH, because they might not use Linux.
Much, much better to lie to them, to get users to use your code.
Well, better for you, anyway.
A /proc/PID/mem vulnerability
Posted Jan 31, 2012 5:48 UTC (Tue) by malor (subscriber, #2973)
I mean, that's the Catholic Church approach to computer security -- the reputation of the church kernel is much, much more important than protecting children users.