>> If you tell the world about a flaw in operational software/hardware, >> you increase the pool of threat agents that know about it, increase >> the likelihood they will attack, and increase the chance they will >> be successful.
True...as far as it goes. Oddly enough, you also increase the pool of people competent to fix the issue, increase the likelihood it will be fixed promptly, and increase the likelihood that workarounds will be deployed in cases where they can be. Which outweighs the other? That depends. But pretending the good effects don't exist makes about as much sense as other people pretending the bad effects don't exist. Neither one matches reality, and taking actions based on beliefs that disagree with reality is not a good way to get the results you want. /~\ The ASCII Mouse \ / Ribbon Campaign X Against HTML [email protected] / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
