Slashdot Mirror


Torvalds on the Linux Security Process

darthcamaro writes "Linus Torvalds thinks that Linux kernel security disclosure should be completely open and he really doesn't like the vendor-security model of having a time embargo on security disclosure. 'I think kernel bugs should be fixed as soon as humanly possible, and any delay is basically just about making excuses,' Torvalds wrote. 'And that means that as many people as possible should know about the problem as early as possible, because any closed list (or even just anybody sending a message to me personally) just increases the risk of the thing getting lost and delayed for the wrong reasons.'"

1 of 280 comments

  1. Re:You should listen to him... by MBAFK · Score: 5, Informative
    The systems would still be vulnerable with no patch available. The administrators might not know there was a vulnerability but an attacker may know about it.

    Keeping it a secret might put you at a greater risk - you don't know you might be in trouble but the bad people know about the problem.

    So reducing the number of people who know about the problem could make it worse rather than better.