TalkBack 32 of 44:
Wrong
According to the article I read they alerted the major players that use the system earlier and after many of these were patched, they informed the rest of the community through articles like this and other major forms of communication. No one was hiding anything. They were just allowing a fix to be made so major open source distributions would not be compromised.

There is a huge difference between patching a system used to house code to the rest of the world and a server a company uses for business reasons. So doing this quietly makes sense in this situation. It reduces the chance of compromise, tests the patch on those other systems and still allows time to fix any problems.

Now compare this to Microsoft. They have to be beaten down with a stick to admit the flaw. They insist it is not a real problem while they are writing the patch code. Then they admit the problem and publish the patch which proceeds to either not work, cause slowdowns or crashes. Or in many cases, breaks something else because they had to rush it out under pressure to save face.

Neither approach is good in most cases. But sometimes an approach that is quiet may be best to preserve security. Besides it is poor form to announce a flaw until there is a fix for it. It is their responsibility to report to the software makers and allow some time to correct the problem before you announce to the world "hack me, hack me".
Posted by: MG_z   Posted on: 05/21/04


patchs patchs everywhere and not a thing to drink  ickusslime@... | 05/19/04
the application is the problem  V Sanders | 05/19/04
Big deal..  FreeBSD | 05/19/04
Big deal..  seosamh_z | 05/19/04
Sure! Let's use  michael-t | 05/19/04
Sure! Let's use  seosamh_z | 05/20/04
Cluelessness  michael-t | 05/20/04
...  FreeBSD | 05/20/04
WTF?  Suicida| | 05/22/04
Oh yeah  ickusslime@... | 05/19/04
haha  V Sanders | 05/19/04
did you read the article???  ickusslime@... | 05/19/04
R D B M S  dr_who@... | 05/19/04
Good choice!  michael-t | 05/19/04
Microsoft is secure? Just look at this.  thepubba | 05/20/04
you're a fool!  ryusen | 05/20/04
Hey!  Suicida| | 05/22/04
RE:haha  MG_z | 05/21/04
Another half-wit ZDNet/CNet writer  FederalistPaperBoy | 05/19/04
half-wit ZDNet/CNet writer  Nationalist | 05/19/04
half-wit ZDNet/CNet writer  Nationalist | 05/19/04
Re: Another half-wit ZDNet/CNet writer  mmarietta | 05/20/04
slight of hand  kgosnell@... | 05/19/04
How is this being "open"???  No_Ax_to_Grind | 05/20/04
Microsoft has a lon history of denying security problems  B.O.F.H. | 05/20/04
Apparently, so does open source.  No_Ax_to_Grind | 05/20/04
Here is the timeline  B.O.F.H. | 05/20/04
Not very informative at all.  No_Ax_to_Grind | 05/20/04
Check the release dates and the fix dates.  B.O.F.H. | 05/20/04
Thanks, it was as I suspected.  No_Ax_to_Grind | 05/20/04
Bug reports have to be verified and reproduced  B.O.F.H. | 05/20/04
Wrong  MG_z | 05/21/04
Da Einstein  trojanhorse | 05/20/04
NWOR  No_Ax_to_Grind | 05/20/04
Please excuse my ignorance, but..  toadlife | 05/20/04
NWOR= Not Worthy Of Reply.  No_Ax_to_Grind | 05/20/04
(NT)Thanks - and I agree  toadlife | 05/20/04
Re: No_Ax_to_Grind  MG_z | 05/21/04
Who is the article about boys and girls?  No_Ax_to_Grind | 05/20/04
I already replied, but...  MG_z | 05/21/04
So what is Secure on the Net these days ???  webgecko | 05/20/04
Unlike Microsoft, Linux fixes fast  CobraA1 | 05/21/04
Not to mention  Suicida| | 05/22/04
Nothing nice happening to either side  FilledOut | 05/21/04
