Full Disclosure mailing list archives
Re: Vendor v. Open-Source Response (was GUNINSKI THE SELF-PROMOTER)
From: Karl DeBisschop <kdebisschop () alert infoplease com>
Date: 20 Jul 2003 09:18:22 -0400
On Sun, 2003-07-20 at 01:25, Valdis.Kletnieks () vt edu wrote:
> On Sat, 19 Jul 2003 22:43:36 EDT, "mattmurphy () kc rr com" <mattmurphy () kc rr com> said:
>> point. You whine about two weeks to produce a patch from MS, and then you wait for an open source project to patch a bug for almost a month, they don't even start, and you still praise their project. That's hypocrisy Georgi, no matter what you call it.
>
> How about we factor in the budgets ... ...
>
> There's nothing at all "hypocritical" in holding a large vendor to a higher standard than a private project - one can reasonably expect that Microsoft can find the resources to have a security bug looked at within 24 hours. On the other hand, a lot of open source software is maintained by just one or two people.

Actually, time to fix, IMHO, is not MS's biggest failing in this arena. I can understand that a bug may be hard to fix across multiple versions of an OS, etc. But any vendor, large or small, can accept a bug report, assign a tracking number, attempt to validate the bug, and report those findings to the original submitter. Mozilla does it. Gnome does it. Any OS project using SourceForge or Savannah can do it. But MS cannot?

Whether the books are opened at the time the bug is filed, or at the time the patch is released could, again IMHO, be a vendor decision. But it is those records, or the various open mailing lists, that provide the basis for a user to make an educated decision about which product they choose to buy or use. The market is made unfair when a vendor suppresses release of any bug it does not feel like fixing.

While I personally feel full disclosure is the best way to make a solid, reliable product, MS does not. That's their choice, but if MS wishes to credibly say that its limited disclosure policy works, there must be some tracking and accountability. Until then, it looks like a smokescreen to me.

--
Karl DeBisschop <kdebisschop () alert infoplease com>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
