Need someone to lead product management at your software company? I build high-craft software and the teams that build it. I'm looking for my next opportunity. Check out my resume and get in touch.

Adam Kalsey

This is the blog of Adam Kalsey. Unusual depth and complexity. Rich, full body with a hint of nutty earthiness.

Security & Privacy

Security notifications

Freshness Warning
This blog post is over 20 years old. It's possible that the information you read below isn't current and the links no longer work.

7 Oct 2004

The common practice among security firms is to delay public announcement of vulnerabilities until they’ve notified the software developer first. This lets the software developer get to work on a fix before the information about how to exploit a problem is broadcast to the world.

But for the second time in a week, Secunia has found a vulnerability and released it publicly without bothering to even tell the developers about it. Not only have they not given sufficient time to get a fix ready, but the developers had to find out about the problem through the news reports.

This is an extreme departure from how security companies operate and is a dangerous practice. By publishing vulnerabilities complete with descriptions for accomplishing the exploit, they are providing wannabe crackers with the means to attack systems. Secunia is also causing public alarm without giving the public a way to patch their systems. People see news of the security problem and then go to the vendor looking for a solution but the vendor just found our about the problem as well and can’t provide a fix. I’ll bet that many of these people forget to later check back for updates and continue to run vulnerable software.

See Flaw found in older Office versions (News.com) and WordPress 1.2.1 (WordPress Dev Blog) for complete stories.

Recently Written

Building the Next Big Thing: A Framework for Your Second Product
Nov 19: You need a first product sooner than you think. Here's a framework for helping you identify a winner.
A Framework for Scaling product teams
Oct 9: The people, processes, and systems that make up a product organization change radically as you go through the stages of a company. This framework will guide that scaling.
My Networked Webcam Setup
Sep 25: A writeup of my network-powered conference call camera setup.
Roadmap Outcomes, not Features
Sep 4: Drive success by roadmapping the outcomes you'll create instead of the features you'll deliver.
Different roadmaps for different folks
Sep 2: The key to effective roadmapping? Different views for different needs.
Micromanaging and competence
Jul 2: Providing feedback or instruction can be seen as micromanagement unless you provide context.
My productivity operating system
Jun 24: A framework for super-charging productivity on the things that matter.
Great product managers own the outcomes
May 14: Being a product manager means never having to say, "that's not my job."

Older...

What I'm Reading