On TV.com: TOP 15: Greatest Opening TITLE SEQUENCES
BNET Business Network:
BNET
TechRepublic
ZDNet
TalkBack 30 of 44:
Next »
« Previous
Thanks, it was as I suspected.
From your link:

Disclosure Timeline

02 May 2004 Subversion developers and vendor-sec were notified by email

03 May 2004 Subversion vendor started their own analysis of the issue and started compiling a list of big repositories to receive pre-notifications

11 May 2004 Big subversion repositories (not already contacted through vendor-sec) got pre-notified

19 May 2004 Coordinated Public Disclosure


If I read it right, they had 9 days where they knew about the problem before contacting the big repositories. They were very selective who they told. (Made a list of who gets the information and no one else.

And 17 days later decided to "coordinate" public discloser. Not that they did it, they coordinated. Does that mean they had no plan in place to release known bugs? From the wording I would assume so other wise there would be no need to "coordinate".

Again, the only point I am making is that they (as people demand of MS) warned admins the second they knew there was a problem. Anything else falls well short of being "open"...
Posted by: No_Ax_to_Grind   Posted on: 05/20/04 You are currently: a Guest | Members login | Terms of Use
Reply to Story Reply to Message

Alert moderator to an offensive message

Subscribe to this discussion via Email or RSS

patchs patchs everywhere and not a thing to drink  ickusslime@... | 05/19/04
the application is the problem  V Sanders | 05/19/04
Big deal..  FreeBSD | 05/19/04
Big deal..  seosamh_z | 05/19/04
Sure! Let's use  michael-t | 05/19/04
Sure! Let's use  seosamh_z | 05/20/04
Cluelessness  michael-t | 05/20/04
...  FreeBSD | 05/20/04
WTF?  Suicida| | 05/22/04
Oh yeah  ickusslime@... | 05/19/04
haha  V Sanders | 05/19/04
did you read the article???  ickusslime@... | 05/19/04
R D B M S  dr_who@... | 05/19/04
Good choice!  michael-t | 05/19/04
Microsoft is secure? Just look at this.  thepubba | 05/20/04
you're a fool!  ryusen | 05/20/04
Hey!  Suicida| | 05/22/04
RE:haha  MG_z | 05/21/04
Another half-wit ZDNet/CNet writer  FederalistPaperBoy | 05/19/04
half-wit ZDNet/CNet writer  Nationalist | 05/19/04
half-wit ZDNet/CNet writer  Nationalist | 05/19/04
Re: Another half-wit ZDNet/CNet writer  mmarietta | 05/20/04
slight of hand  kgosnell@... | 05/19/04
How is this being "open"???  No_Ax_to_Grind | 05/20/04
Microsoft has a lon history of denying security problems  B.O.F.H. | 05/20/04
Apparently, so does open source.  No_Ax_to_Grind | 05/20/04
Here is the timeline  B.O.F.H. | 05/20/04
Not very informative at all.  No_Ax_to_Grind | 05/20/04
Check the release dates and the fix dates.  B.O.F.H. | 05/20/04
Thanks, it was as I suspected.  No_Ax_to_Grind | 05/20/04
Bug reports have to be verified and reproduced  B.O.F.H. | 05/20/04
Wrong  MG_z | 05/21/04
Da Einstein  trojanhorse | 05/20/04
NWOR  No_Ax_to_Grind | 05/20/04
Please excuse my ignorance, but..  toadlife | 05/20/04
NWOR= Not Worthy Of Reply.  No_Ax_to_Grind | 05/20/04
(NT)Thanks - and I agree  toadlife | 05/20/04
Re: No_Ax_to_Grind  MG_z | 05/21/04
Who is the article about boys and girls?  No_Ax_to_Grind | 05/20/04
I already replied, but...  MG_z | 05/21/04
So what is Secure on the Net these days ???  webgecko | 05/20/04
Unlike Microsoft, Linux fixes fast  CobraA1 | 05/21/04
Not to mention  Suicida| | 05/22/04
Nothing nice happening to either side  FilledOut | 05/21/04

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

advertisement
advertisement
Click Here

SmartPlanet

Click Here