On Fri, 07 Nov 2003 16:25:23 PST, [EMAIL PROTECTED] said:

> SCO Security Advisory
>
> Subject: OpenLinux: Multiple vulnerabilities have reported in Ethereal
> 0.9.12
> Advisory number: CSSA-2003-030.0
> Issue date: 2003 November 07
> Cross reference: sr883585 fz528203 erg712398 CAN-2003-0428 CAN-2003-0429 CAN-2003-0430 CAN-2003-0431 CAN-2003-0432
> _____________________________________________________________________________

Hmm... the same bugs that everybody *else* fixed back in *June*. I had to go digging to verify it *was* the same set of bugs, it's been so long.

Discuss: If an advisory is *this* late in coming, should a vendor issue it or not? Compare and contrast the risks of a customer getting whacked by a *very* old vulnerability versus the risk of losing market share due to a perceived inability to ship security fixes on a timely basis.
