[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: netscape bug
Reply to: RE>netscape bug
"Vladimir Z. Nuri" writes:
>I am willing to bet that the netscape bug would have been fixed quickly if it
>had been quietly brought to their attention, without the blaring media
>lights (I enjoy the media circus as much as the next guy, but on the
>other hand, doing some things quietly may actually advance the cypherpunk
>cause further than by making a noisy hullaballoo in cyberspace).
I can't speak for Netscape in particular, but from bitter personal experience
(in a previous life) I would be more willing to bet that bringing such a flaw
to management's attention would raise the priority a bit to perhaps just below
whatever their equivalent of the 'cut line' is. The rationale: "we are so
resource limited; can't just keep it under wraps and fix it in the next
release?"
just rings in my ears.
I can really empathize with what the developers at Netscape must be going
through, but the 'social good' of raising security flaws to the level of the
front page of the NYT is hard to deny. Rather than saying "security through
obscurity is bad" you can point to a precedent of the consequences of being
found out.
--Joe