Date: Sun, 26 Jul 2015 07:55:54 +1000 (EST)
From: Dave Horsfall <dave@...sfall.org>
To: oss-security@...ts.openwall.com
Subject: Re: Qualys Security Advisory - CVE-2015-3245 userhelper
 - CVE-2015-3246 libuser

On Sat, 25 Jul 2015, Leif Nixon wrote:

> What many people don't seem to realize is how much the availability of 
> ready-to-run exploits increases the risk to innocent bystanders.

Although a supporter of full disclosure (it was the only way to get MS to 
fix their egregious bugs), I'd be really pissed off if I woke up one 
morning to find my system r00ted because some idiot got his jollies by 
announcing the exploit at the same time as the patch.

What would be a reasonable interval (for some definition of "reasonable") 
in that case?  24 hours?  48 hours?  0 hours?

I seem to recall that we had this discussion a few years ago...

-- 
Dave Horsfall DTM (VK2KFU)  "Those who don't understand security will suffer"
Watson never said "I think there is a world market for maybe five computers."
