Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: FIREFOX flaws: nested array sort() loop Stack overflow exception
From: Jose Nazario <jose () monkey org>
Date: Fri, 26 Nov 2004 14:45:22 -0500 (EST)

On Thu, 25 Nov 2004, Heikki Toivonen wrote:

3. Either login if you already have an account, or click "create new
account". Let's assume we need to create a new account...
4. Type in a valid email address and click "Create Account"
5. [mail] Read email that was sent to the address to get password
6. back on in the browser, click "log in here"
7. fill in your username and password and click "login"

[snip the rest of useful info on how to post good, healthy, actionable bug
reports]

requiring someone to register to post a bug is harmful in the sense that
you wind up turning off peopl ewho simply can't be bothered to fill out
that info or wish to remain anonymous. while i definitely see the benefit
of forcing registration or even wanting it, i bet you'e losing more bug
reports than you care to imagine this way.

benefits of forcing/encouraging registration include:
        - garaunteed line of followup
        - reduced spam quantities in bugzilla
        - at leasta cutofof "i care enough to ..."

still, you're losing more than you may expect. i know i've failed to file
bug reports (non-security related) for mozilla products due to this "speed
bump". the security@ route is useful, and i'm glad you pointed it out.
this point should be considered by anyone who runs a bug reporting page
for open submissions, you may be doing more harm than benefit.

________
jose nazario, ph.d.                     jose () monkey org
http://monkey.org/~jose/                http://infosecdaily.net/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]