Slashdot Mirror

← Back to Stories (view on slashdot.org)

On The Costs of Full Security Disclosure

Posted by ryuzaki0 on from the how-much-is-too-much dept.

sasha328 writes "I found reference to this email on the LWN.NET site which was sent to the SecurityFocus mailing list. It asks a very valid question about how much you can disclose before malicious virii can be possible."

4 of 269 comments (clear)

  1. Does this Really apply to Code Red by Darkseer · · Score: 0, Troll

    First of all what does this have to do with code red? The virus is self replicating and the creater was using a, from what I've been reading, unpublished exploit. After the first 50, 60, or some small amount of computers are compromised the thing pretty much runs itself. Theoretically this could have all started with manually cracking one computer and no human intervention after that. Not publising would not have stopped the spread. Its not like 20,000 little crackers were tirelessly manually installing code red on a zillion different computers and then telling their friends how to do it. At least if the exploit is published, the poor slob who gets hit with this virus first has some idea what to look for. IIS is out there and you can't stop people from reverse engineering it no matter haow many laws you pass. The best wepon we have is to keep the "good guys" as well informed as possible. I want to know when the vendor knows, maybe I can't fix it but I sure as hell don't want to be flying blind. &lt sarcasm &gt Yeah, lets intentionally limit the information I have access to so I can be even more unprepared when a virus hits.&lt /sarcasm &gt....riiiiiight good move.

    --

    BOFH, My model for being a sysadmin :)

  2. There's a word for people like Richard by jsse · · Score: 0, Troll

    Troll

  3. Rockin the Slashdot! by $(CCFLAGS) · · Score: -1, Troll

    Rockin the Slashdot

    by the CmdrTaco Five

    Let me tell y'all what it's like
    Being male, supergay and white
    I'm a bitch, if you don't believe
    Listen up to my new CD
    (Sha-mon)

    I got shit runnin' down the drain
    Enemas so intense that I can't explain
    All alone in my white-boy pain
    Y'all Shake your booty while Jeff complains

    I'm rockin' the Slashdot
    Just like Linus Torvalds did
    I'm rockin' the Slashdot
    Except that he is talented
    I'm rockin' the Slashdot
    I take the cheques and face the facts
    That VA Linux don't make computers and soon I'll get the axe

    I'm pissed off but I'm too polite
    When people crapflood my pet web site
    Mom and Dad taught me what is right
    IP Ban them in the dead of night

    I don't know how much I can take
    But I'll find out with your tube steak

    I'm rockin' the Slashdot
    Just like Bruce Perens did
    I'm rockin' the Slashdot
    Except that he thinks he's talented
    I'm rockin' the Slashdot
    I take the cheques and face the facts
    That VA Linux don't make computers and soon I'll get the axe

    In a haze these days
    I pull up to the stop light
    I can feel that something's not right
    I can feel that someone's pumping me with hate
    Ouch!
    Hope he's wearing a condom
    'Cause somone on my web site posted OT III
    About someone's great great great great Grandaddies aliens
    It wasn't my idea
    It wasn't my idea
    Never was my idea

    I just drove to the store
    For some Assstroooooglide!

    Y'all don't know what it's like
    Being male, supergay and white
    Y'all don't know what it's like
    Being male, supergay and white
    Y'all don't know what it's like
    Being male, supergay and white
    Y'all don't know what it's like
    Being male, supergay and white

    It gets me real pissed off, it makes me wanna say
    It gets me real pissed off and it makes me wanna say
    It gets me real pissed off and it makes me wanna say
    RIMJOB!!!!!!!!!!!!

    ...Just like Richard Stallman did
    I'm rockin' the Slashdot
    Except that he is a Communist
    I'm rockin' the Slashdot
    I take the cheques and face the facts
    That VA Linux don't make computers and soon I'll get the axe

    These days
    Yeah yeah
    I'm rockin' the Slashdot
    Yeah yeah
    I'm rockin' the Slashdot
    Yeah yeah

    You'd better look out, because I'm gonna say RIMJOB
    You'd better look out, because I'm gonna say GOLDEN SHOWER
    You'd better look out, because I'm gonna say FECES
    You'd better look out, because I'm gonna say POOP

  4. Re:Sex Education by pertman · · Score: -1, Troll

    Based on this logic I assume you are for gun training for young people too? "There are guns. Young people get guns. So we should train them to use them properly not say 'guns = bad! Never touch a gun'". Is that where you are going with your argument? And don't EVEN say they are not same thing. Guns kill. AIDS and Syphilis kills. Pregnancy can kill a teenagers choices for the future. I just want to see if you are consistant with your reasoning...