Security disclosure debate reignites
Online security consultancy Spi Dynamics has sparked a new debate over the responsible handling of vulnerability warnings with the release of an alert for multiple security holes in the Sun ONE Application Server 7.0.
The Atlanta-based Spi Dynamics issued the warning without the availability of a patch or workaround from Sun Microsystems. A spokesperson for Sun confirmed the existence of the security holes and said one of the bugs has already been fixed in Update 1 of Application Server 7.0.
According to Spi Dynamics CEO Brian Cohen, the decision to release the information was made after several unsuccessful attempts to reach Sun's security unit.
[ Read more ]
- Vulnerability: Sun-One Application Server Multiple Vulnerabilities (28 May 2003)