Topic 'Flaws,exploits and zero-days should they be kept secret?' in forum 'Security'

Topic 'Flaws,exploits and zero-days should they be kept secret?' in forum 'Security' - dslreports.com http://www.dslreports.com/forum/Flawsexploits-and-zerodays-should-they-be-kept-secret-23306191 en Fri, 10 Feb 2012 14:24:17 EDT Fri, 10 Feb 2012 14:24:17 EDT Re: Flaws,exploits and zero-days should they be kept secret? http://www.dslreports.com/forum/Re-Flawsexploits-and-zerodays-should-they-be-kept-secret-23306429
Immediately notify the developers of the affected software. Ideally, the developers will start working on a solution.

Notify the general public when any of the following have occurred:
(a) the developer has an effective solution that is ready to be put in place;
(b) information on the flaw has already leaked, so the public needs to be warned;
(c) substantial time has passed, the developer does not seem to be working on the problem, and publication is the only way to put pressure on the developer.

It is my impression that such practices are already followed by many.
--
AT&T Uverse; Zyxel NBG334W router (behind the 2wire gateway); openSuSE 11.0; firefox 3.0.15]]> http://www.dslreports.com/forum/Re-Flawsexploits-and-zerodays-should-they-be-kept-secret-23306429 Sat, 07 Nov 2009 13:26:07 EDT Re: Flaws,exploits and zero-days should they be kept secret? http://www.dslreports.com/forum/Re-Flawsexploits-and-zerodays-should-they-be-kept-secret-23306269 http://www.dslreports.com/forum/Re-Flawsexploits-and-zerodays-should-they-be-kept-secret-23306269 Sat, 07 Nov 2009 12:43:19 EDT Re: Flaws,exploits and zero-days should they be kept secret? http://www.dslreports.com/forum/Re-Flawsexploits-and-zerodays-should-they-be-kept-secret-23306248 If i find an exploit, that means that all the people that are smarter than me will also find it at some point.. I would notify the manufacturer, give them some time to react (say, 30 days) - THEN publish it (without exact details)..]]> http://www.dslreports.com/forum/Re-Flawsexploits-and-zerodays-should-they-be-kept-secret-23306248 Sat, 07 Nov 2009 12:36:45 EDT Flaws,exploits and zero-days should they be kept secret? http://www.dslreports.com/forum/Flawsexploits-and-zerodays-should-they-be-kept-secret-23306191
The YES camp: with the less people who know the easier it is to fix (and pretend it was never there). Point of view

The NO camp: With the more its published the faster it'll get fixed (sadly many more people will be affected, till it is). attitude

so whats your take and what camp are you in?

BTW if an argument makes you change your mind in either direction that would be interesting]]> http://www.dslreports.com/forum/Flawsexploits-and-zerodays-should-they-be-kept-secret-23306191 Sat, 07 Nov 2009 12:23:07 EDT