
This is the blog of Adam Kalsey. Unusual depth and complexity. Rich, full body with a hint of nutty earthiness.

Security & Privacy

Security notifications

Freshness Warning
This blog post is over 20 years old. It's possible that the information you read below isn't current and the links no longer work.

The common practice among security firms is to delay public announcement of vulnerabilities until they’ve notified the software developer first. This lets the software developer get to work on a fix before the information about how to exploit a problem is broadcast to the world.

But for the second time in a week, Secunia has found a vulnerability and released it publicly without bothering to even tell the developers about it. Not only have they not given sufficient time to get a fix ready, but the developers had to find out about the problem through the news reports.

This is an extreme departure from how security companies operate and is a dangerous practice. By publishing vulnerabilities complete with descriptions for accomplishing the exploit, they are providing wannabe crackers with the means to attack systems. Secunia is also causing public alarm without giving the public a way to patch their systems. People see news of the security problem and then go to the vendor looking for a solution, but the vendor just found out about the problem as well and can’t provide a fix. I’ll bet that many of these people forget to later check back for updates and continue to run vulnerable software.

See "Flaw found in older Office versions" (News.com) and "WordPress 1.2.1" (WordPress Dev Blog) for complete stories.
