Security notifications

Freshness Warning
This article is over 7 years old. It's possible that the information you read below isn't current.

The common practice among security firms is to delay public announcement of vulnerabilities until they’ve notified the software developer first. This lets the software developer get to work on a fix before the information about how to exploit a problem is broadcast to the world.

But for the second time in a week, Secunia has found a vulnerability and released it publicly without bothering to even tell the developers about it. Not only have they not given sufficient time to get a fix ready, but the developers had to find out about the problem through the news reports.

This is an extreme departure from how security companies operate and is a dangerous practice. By publishing vulnerabilities complete with descriptions for accomplishing the exploit, they are providing wannabe crackers with the means to attack systems. Secunia is also causing public alarm without giving the public a way to patch their systems. People see news of the security problem and then go to the vendor looking for a solution, but the vendor just found out about the problem as well and can’t provide a fix. I’ll bet that many of these people forget to later check back for updates and continue to run vulnerable software.

See "Flaw found in older Office versions" (News.com) and "WordPress 1.2.1" (WordPress Dev Blog) for complete stories.


©1999-2012 Adam Kalsey.