Advertisement
Promo

Security threats Toolkit

Story: Security exploits: Who's to blame?

  • Previous comment

Posted by: Arthur B. (Tuesday 6 September 2005, 8:42 PM)

  • Reply

Vendors shouldn't lay down security related disclosure rules. Period.

When a researcher finds a flaw he/she should post it in full on a special members only disclosure list and 30 days after the same information should be posted on a public list by someone else. End of story.

That should motivate vendors and researchers alike to be very carefull as to what they publish (or sell on the markets). As well as making sure that they follow up with all required resources.

Don't like? Then make sure that, 1, you don't get posted or, 2, that if you get posted you can fix things within 30 days.

Nothing is perfect. We all know that. So make sure that you're prepared to handle inperfections in a timely matter. In fact, that aspect should have been part of the general design.

The only two constants in IT are: damage and change. So master that. The rest will be part of history sooner or later.

  • Previous comment

  • Reply to this comment
  • Return to story
  • Report this as offensive


Full Talkback thread

Sentry Posts Blog

DNA details of innocent will be kept f...

The government has announced that it plans to keep innocent people's DNA details for up to six years. In response to a consultation it launched last December, the government said... More

2 comments

Motorola Droid Drops Today: Happy Droi...

Motorola Droid Drops Today: Happy Droid Day America! Author: Eric Everson, Mobile Security Expert If you’re wondering what all of the buzz is about with words like Droid and Android... More

Post a comment

Mobile Security Profile: BlackBerry St...

Mobile Security Profile: BlackBerry Storm2 Author: Eric Everson BlackBerry handsets are a staple of office culture; from syncing calendars to sharing business-related data,... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

Newsletters