Coming clean on patches
The debate is about when researchers should alert the general public to the flaws they find. Industry protocol calls for discoveries to be kept quiet until a patch is available—usually no less than 30 days—to minimize the threat from hackers who could do damage in the interim.
That process, however, could soon change. A prominent security expert last week announced that he will give software companies just one week to patch a new vulnerability before he releases data about the flaw to the public.
[ Read more ]
- Article: Full Disclosure of Vulnerabilities - pros/cons and fake arguments (8 April 2002)
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.