> Message: 15
> Date: Tue, 15 Sep 2009 14:13:17 -0400
> From: Jerry <ges...@yahoo.com>
> Subject: Re: reporter on deadline seeks comment about reported security bug in FreeBSD
> To: freebsd-questions@freebsd.org
> Message-ID: <20090915141317.7a41b...@scorpio.seibercom.net>
> Content-Type: text/plain; charset=US-ASCII
>
> On Tue, 15 Sep 2009 13:18:29 -0400
> Bill Moran <wmo...@potentialtech.com> wrote:
>
> <SNIP!>
>
> The fact is, that you do in fact notify me. Keeping important security
> information secret benefits no one, except for possibly those
> responsible for the problem to begin with who do not want the
> knowledge of the problem to become public. A multitude of software,
> such as Mozilla, publish known security holes in their software.
> The ramifications of allowing a user to actively use a piece of
> software when a known bug/exploit/etc. exists within it is grossly
> negligent.

The important question is: known by whom? Every reviewer brings their own bias and experience. The code has not been "proven correct," so there is no reason to assume that a Black-hat will find the same bug/exploit. If there are more than about 3 unknown exploits, they are more likely to find a different one.

IMO, Mozilla is a bad example. I've been bitten by (non-security) bugs going back to 1.5 or earlier. Disclosure: I still prefer Lynx.

<SNIP!>