In my post, I never said wether it only applied to Mozilla or Microsoft.:-) I was talking in general - something that applies to most companies. I'm sorry if I gave the impression that it only applied to Mozilla.
Any software maker does not want to post details on how the vulnerability can be reproduced, as that's basically like waving a giant, red flag and yelling "come and get me"
On the flip side, it could work against Mozilla. An attacker has all the source code to find some hidden vulnerability and then not report it. In IEs case, at least exploits must be stumbled upon.
All in all, I think open source is still the way to go. If one attacker can find it, one contributor probably can too!
This is a good thing. You don't want vulnerabilities seeping out as then someone can exploit them. If they remain quiet until a patch is out, there won't be a stage of 'fear and panic'.
Can't we work together? If we would work together, we (well, they) would have found that planet twice as fast.
If the world could unite together, we could probably send a man to Mars soon. Sometimes competition isn't a good thing.
This is one of those things that history classes 100 years from now will look back upon and someone will ask: "Why would they ever give the president so much power?":-)
Slashdot Mirror
1) Yes
:-) I was talking in general - something that applies to most companies. I'm sorry if I gave the impression that it only applied to Mozilla.
2) No
In my post, I never said wether it only applied to Mozilla or Microsoft.
Any software maker does not want to post details on how the vulnerability can be reproduced, as that's basically like waving a giant, red flag and yelling "come and get me"
On the flip side, it could work against Mozilla. An attacker has all the source code to find some hidden vulnerability and then not report it. In IEs case, at least exploits must be stumbled upon.
All in all, I think open source is still the way to go. If one attacker can find it, one contributor probably can too!
This is a good thing. You don't want vulnerabilities seeping out as then someone can exploit them. If they remain quiet until a patch is out, there won't be a stage of 'fear and panic'.
What about the Grand Canyon display?
Can't we work together? If we would work together, we (well, they) would have found that planet twice as fast. If the world could unite together, we could probably send a man to Mars soon. Sometimes competition isn't a good thing.
It's probably already been about a year since this case started... (I don't know when it began).
This is one of those things that history classes 100 years from now will look back upon and someone will ask: "Why would they ever give the president so much power?" :-)