Security notifications

Freshness Warning
This blog post is over 18 years old. It's possible that the information you read below isn't current and the links no longer work.

7 Oct 2004

The common practice among security firms is to delay public announcement of vulnerabilities until they’ve notified the software developer first. This lets the software developer get to work on a fix before the information about how to exploit a problem is broadcast to the world.

But for the second time in a week, Secunia has found a vulnerability and released it publicly without bothering to even tell the developers about it. Not only have they not given sufficient time to get a fix ready, but the developers had to find out about the problem through the news reports.

This is an extreme departure from how security companies operate and is a dangerous practice. By publishing vulnerabilities complete with descriptions for accomplishing the exploit, they are providing wannabe crackers with the means to attack systems. Secunia is also causing public alarm without giving the public a way to patch their systems. People see news of the security problem and then go to the vendor looking for a solution but the vendor just found our about the problem as well and can’t provide a fix. I’ll bet that many of these people forget to later check back for updates and continue to run vulnerable software.

See Flaw found in older Office versions (News.com) and WordPress 1.2.1 (WordPress Dev Blog) for complete stories.

Recently Written

The Trap of The Sales-Led Product (Dec 10): It’s not a winning way to build a product company.
The Hidden Cost of Custom Customer Features (Dec 7): One-off features will cost you more than you think and make your customers unhappy.
Domain expertise in Product Management (Nov 16): When you're hiring software product managers, hire for product management skills. Looking for domain experts will reduce the pool of people you can hire and might just be worse for your product.
Strategy Means Saying No (Oct 27): An oft-overlooked aspect of strategy is to define what you are not doing. There are lots of adjacent problems you can attack. Strategy means defining which ones you will ignore.
Understanding vision, strategy, and execution (Oct 24): Vision is what you're trying to do. Strategy is broad strokes on how you'll get there. Execution is the tasks you complete to complete the strategy.
How to advance your Product Market Fit KPI (Oct 21): Finding the gaps in your product that will unlock the next round of growth.
Developer Relations as Developer Success (Oct 19): Outreach, marketing, and developer evangelism are a part of Developer Relations. But the companies that are most successful with developers spend most of their time on something else.
Developer Experience Principle 6: Easy to Maintain (Oct 17): Keeping your product Easy to Maintain will improve the lives of your team and your customers. It will help keep your docs up to date. Your SDKs and APIs will be released in sync. Your tooling and overall experience will shine.

Older...

What I'm Reading

Trillion Dollar Coach: The Leadership Playbook of Silicon Valley's Bill Campbell by Eric Schmidt
Amp It Up: Leading for Hypergrowth by Raising Expectations, Increasing Urgency, and Elevating Intensity by Frank Slootman
Indistractable: How to Control Your Attention and Choose Your Life by Nir Eyal
Monty Hall, Storytelling, and Planning
Scaling Up is Hard to Do | Chasm Group
Crazy, Unloved but Potentially Transformational – What’s in your Loonshot nursery? - Rita McGrath
When terrible things happen to good innovation projects… - Rita McGrath
The Hype Handbook: 12 Indispensable Success Secrets From the World’s Greatest Propagandists, Self-Promoters, Cult Leaders, Mischief Makers, and Boundary Breakers by Michael F. Schein
Masters of Scale: Surprising Truths from the World's Most Successful Entrepreneurs by Reid Hoffman
Zero to One: Notes on Startups, or How to Build the Future by Peter Thiel
Build Better Products: A Modern Approach to Building Successful User-Centered Products by Laura Klein
Economics in One Lesson: The Shortest and Surest Way to Understand Basic Economics by Henry Hazlitt
Deep Work: Rules for Focused Success in a Distracted World by Cal Newport
Brag!: The Art of Tooting Your Own Horn without Blowing It by Peggy Klaus
Strong Product People: A Complete Guide to Developing Great Product Managers by Petra Wille
Fall; or, Dodge in Hell by Neal Stephenson
Continuous Discovery Habits: Discover Products that Create Customer Value and Business Value by Teresa Torres
Working Backwards: Insights, Stories, and Secrets from Inside Amazon by Colin Bryar
Empowered: Ordinary People, Extraordinary Products by Marty Cagan
Good Strategy Bad Strategy: The Difference and Why It Matters by Richard P. Rumelt

Contact

Adam Kalsey

+1 916 600 2497

adam AT kalsey.com

Resume

Public Key