
January 19, 2005

Whitehats, Blackhats, and Asshats

In the news recently was a discussion of security vulnerabilities in Mac OS X, and it was the same kind of thing we see from time to time on any product. The technical details of the vulnerabilities aren't that important, but the method of discovery was.

from the article:
The company [ImmunitySec] originally found the flaws in June and published them to a private list of customers but did not notify Apple. It published the flaws on Monday, after presenting them at a seminar. (emphasis mine)

Though I don't share it entirely, there is a principled case for immediate, DJB-style full disclosure without vendor notification, on the grounds that it most rapidly achieves "fixing the software" and "creating incentives to be secure".

But I cannot think of a principled reason to privately circulate vulnerabilities - and presumably their associated exploits - and then go public without any vendor notification.

ImmunitySec are Asshats.

Posted by steve at January 19, 2005 08:49 AM
