Fingerprinting systems with TCP source-port selection
Fingerprinting systems with TCP source-port selection
Posted Oct 6, 2022 22:39 UTC (Thu) by unixbhaskar (guest, #44758)Parent article: Fingerprinting systems with TCP source-port selection
"n this case, the lengthy period of secrecy seemingly had nothing to do with security. The fixes were public and were quickly incorporated into any kernel that is being maintained with an eye toward security problems. Instead, this delay was entirely created by the requirements of the journal publishing the article describing the vulnerability. That journal's demand for exclusivity, in a way that was convenient for its own publication schedule, prohibited the posting of an explanation of the vulnerability elsewhere. "
Bad practices mar all the good work and importantly kill the enjoyment of solving "real problems"...
Posted Oct 13, 2022 3:53 UTC (Thu)
by gdt (subscriber, #6284)
[Link]
A university employer would see no problem with an academic preferring full publication of the fault in an academic journal over following some 'Linux community responsible disclosure' process which precludes such publication.
That in turn means that if the Linux kernel community wants pre-disclosure of faults, then they have to provide a process which does not create unenviable choices for academics.
You can argue that academic publishing is broken, and that academics should be evaluated using broader criteria. Neither of those arguments is new, and the Linux community isn't going to be the group which successfully corrects either of those issues.
Fingerprinting systems with TCP source-port selection