Date: Mon, 22 Jan 2018 11:41:56 -0800
From: Ian Zimmerman <itz@...y.loosely.org>
To: oss-security@...ts.openwall.com
Subject: Re: How to deal with reporters who don't want their bugs fixed?

On 2018-01-22 17:20, Mikhail Utin wrote:

>> Keeping it individual without public announced maximum embargo time
>> would also help prevent folks from jumping to 0daying everything per
>> default:)

> However, to me it is pure "Security by Obscurity" in a bit different
> wording. It never worked. Simply think that somebody else knows the
> secret and with your help continues using that.

I think you misunderstand the parent post.

Nobody is proposing that the embargo period for any _particular_ issue
be secret.  The proposal in the parent post was to not have a public
general embargo policy for _all_ issues present & future.

-- 
Please don't Cc: me privately on mailing lists and Usenet,
if you also post the followup to the list or newsgroup.
To reply privately _only_ on Usenet, fetch the TXT record for the domain.
