
Re: netscape bug



        Reply to:   RE>netscape bug

"Vladimir Z. Nuri" writes:

>I am willing to bet that the netscape bug would have been fixed quickly if it
>had been quietly brought to their attention, without the blaring media
>lights (I enjoy the media circus as much as the next guy, but on the
>other hand, doing some things quietly may actually advance the cypherpunk
>cause further than by making a noisy hullaballoo in cyberspace).

I can't speak for Netscape in particular, but from bitter personal experience
(in a previous life) I would be more willing to bet that bringing such a flaw
to management's attention would raise the priority a bit to perhaps just below
whatever their equivalent of the 'cut line' is.  The rationale: "we are so
resource limited;  can't just keep it under wraps and fix it in the next
release?" just rings in my ears.

I can really empathize with what the developers at Netscape must be going
through, but the 'social good' of raising security flaws to the level of the 
front page of the NYT is hard to deny.  Rather than saying "security through
obscurity is bad" you can point to a precedent of the consequences of being 
found out. 

--Joe