Xen Cloud Fix Shows the Right Way To Patch Open-Source Flaws

Posted by timothy on Thursday October 2, 2014 @02:50AM from the steady-as-she-goes dept.

darthcamaro writes Amazon, Rackspace and IBM have all patched their public clouds over the last several days due to a vulnerability in the Xen hypervisor. According to a new report, the Xen project was first advised of the issue two weeks ago, but instead of the knee jerk type reactions we've seen with Heartbleed and now Shellshock, the Xen project privately fixed the bug and waited until all the major Xen deployments were patched before any details were released. Isn't this the way that all open-source projects should fix security issues? And if it's not, what is?

2 of 81 comments (clear)

Min score:

Reason:

Sort:

"Gave them time" not "Waited" by martyros · 2014-10-02 02:55 · Score: 4, Funny

The XenProject security process gives them time to patch their systems (in this case, 2 weeks). If you don't have your stuff patched by then, they won't wait for you.

--
TCP: Why the Internet is full of SYN.
Re:Ignorance is not bliss by Chrisq · 2014-10-02 03:14 · Score: 4, Funny

Ignorance is not bliss
I didn't want to know that!