Re: Firefox Remote Compromise Leaked
From: Vincent van Scherpenseel <mailinglists () vanscherpenseel nl>
Date: Sun, 8 May 2005 11:02:24 +0200
On Sunday 08 May 2005 10:14, Jason Coombs wrote:
> Nothing at all would have been gained by delaying disclosure, other than
> to give attackers a bigger window of opportunity to mount successful
> attacks and design new exploits that will launch successfully against a
> completely unprepared computing public.

Most of the time disclosure is delayed to allow the vendor to fix a security
bug. If you find a security bug and give the vendor five days to fix it
before you release the disclosure advisory there's a smaller chance that the
vulnerability will be exploited by malicious people.
Full disclosure works because it forces vendors to actually fix a security
problem, and delaying a disclosure for a couple of days doesn't hurt that way.
- Vincent van Scherpenseel
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/