On Fri, 2008-09-19 at 14:39 -0600, Mark J. Nelson wrote:
> 1. Do any of the defects covered in this RTI affect security?
that's a poor way of asking the question -- it's ambiguous (security
vulnerability, which may exist in any code, vs. defects in security
functionality which do not constitute security vulnerabilities).
How about:
"Are any of the defects covered in this RTI considered security
vulnerabilities?"
or
"Do any of the changes proposed by this RTI address a security
vulnerability?"
or, perhaps:
"Do any of the changes proposed by this RTI address a security
vulnerability which has not been publicly disclosed?"
- Bill
