No - I'm approaching this from the POV of enterprise customers that I've had in prior lives. InfoSec wants the details, and wants to make their own decisions w/r/t risk.
On Tue, Sep 28, 2010 at 12:09 PM, jan <[email protected]> wrote: > On 28 Sep., 19:47, Jeff Enderwick <[email protected]> wrote: >> Why would security announcements be limited to OHA members? Of course, >> there are public-disclosure-when-fixed scenarios, but everyone else on >> the planet discloses security vulnerabilities publicly so that people >> can make their own informed decisions. > Jeff, IMHO you're approaching this from a developers point of view. > You and I might know where to look for certain information, but you'll > never get Joe Average to check the CVE DB to find out about issues. > And of course let's not forget that Google itself wrote that > vulnerabilites, once fixed, would be listed in a Google Group. And > that's my point, they just don't live up to their promise. > Were there means for average users to easily stay informed about > issues, be it a forum, a blog or something else, then security-aware > users could at least apply workarounds for issues until Google / > manufacturers / carriers release patches. > > -- > You received this message because you are subscribed to the Google Groups > "Android Security Discussions" group. > To post to this group, send email to > [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/android-security-discuss?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
