LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Long-lived security holes

Long-lived security holes

Posted Jun 25, 2004 0:08 UTC (Fri) by DaveK (subscriber, #2531)
In reply to: Long-lived security holes by mjr
Parent article: Long-lived security holes

From the (so far) brief discussion here, it seems that since there are so many factors to consider in devising a rating scheme, that such a one will be very difficult to agree upon. Furthermore, as noted above, once a 'low rated' bug gets exploited then the rating may lose its credibility.
So perhaps the focus should not be on a rating system which may lull people into a false sense of security of being able to delay updates, but to accept that all vulnerabilities could have unforseen implications, and should thus be considered serious, and to look instead into the process of distributing and applying fixes, and to make this less painful or intrusive, such that sysadmins have no reason to fear and or delay patching/updating.

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds