In
<!&!aaaaaaaaaaayaaaaaaaaaih+nruo4exaufaxntnnphscxbiaeaaaads7rowi8uhjgnhomuyoh3wbaaaaa...@gmail.com>,
on 04/03/2010
at 10:47 AM, Don Williams <[email protected]> said:
>For the clever attacker, it is to his advantage for those
>integrity issues to NOT be discussed.
That's not the question. Is it to his advantage for the discussion to be
private, between the reporter and the developer? The only situations in
which I would go public with a security hole are when it is a generic
problem affected a whole community of developers or when the developers
refuse to fix it.
--
Shmuel (Seymour J.) Metz, SysProg and JOAT
ISO position; see <http://patriot.net/~shmuel/resume/brief.html>
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
