[funsec] Security research vuln pimps

der Mouse mouse at Rodents-Montreal.ORG
Mon Apr 26 15:47:31 CDT 2010


>> If you tell the world about a flaw in operational software/hardware,
>> you increase the pool of threat agents that know about it, increase
>> the likelihood they will attack, and increase the chance they will
>> be successful.

True...as far as it goes.

Oddly enough, you also increase the pool of people competent to fix the
issue, increase the likelihood it will be fixed promptly, and increase
the likelihood that workarounds will be deployed in cases where they
can be.

Which outweighs the other?  That depends.  But pretending the good
effects don't exist makes about as much sense as other people
pretending the bad effects don't exist.  Neither one matches reality,
and taking actions based on beliefs that disagree with reality is not a
good way to get the results you want.

/~\ The ASCII				  Mouse
\ / Ribbon Campaign
 X  Against HTML		mouse at rodents-montreal.org
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B


More information about the funsec mailing list