subject: Security Flaws, Hanging Them Against The Big Clock

It does little harm to go public with a vulnerability in a piece of software that has only three or four users worldwide. It is a different matter when billions of people use the software.

Publicizing a vulnerability at all puts more people at risk than keeping quiet would. Who are you really doing a favor? Users? Potential users? The software company? None of them. You make the work of hackers, and of anyone who takes advantage of such mistakes, that much easier. In effect, you do their homework for them and feed their dark thoughts with sensitive information.

Many people feel that announcing flaws in the wild deals the software company a blow, and gives you a chance to get even with the company you dislike most. But is this really a negative influence on the really big companies? I agree that a smaller company will feel the impact much harder than a large one, but the big players thrive on controversy, because publicity is a free way of marketing a product. You cannot impress everyone, but once word gets out, the product's name gets mentioned, that much is certain. All they then have to do is take some action that makes it look like they really care.

Companies like Microsoft and Google make huge mistakes with their products, yet almost everyone seems to keep supporting them. It would take some very big flops for people to lose confidence in a company like that. This article is a good example: I am not a big fan of Microsoft products, and I prefer open-source software because most of the time it is safer and more effective, yet Microsoft's name still gets mentioned. Google did things right until all its fame and success went to its head. Today it disappoints thousands of search engine users, webmasters and advertisers, but people still stick with its products.

You may give the company a temporary shock by going public, but in the end you create new opportunities for it to make something good out of something bad. Your efforts will be futile and, in the end, will create more problems for the software community than they solve.

Why do people think going public with security holes is a good thing? Because they think in terms of the open-source community. The only way an open-source application improves is through publicly reported mistakes, and the open-source community comes up with fixes for its applications in no time, because it draws on a huge pool of contributors. Unfortunately it does not work that way with closed-source applications. You are at the mercy of the software company to get the problem fixed, and you do not make things any easier for them by starting a forest fire. They end up putting out fires rather than focusing on the root of the problem. The result is that the software is patched until the next error surfaces, more patching is done until the next failure, and the process repeats over and over until you are stuck with a patched-up application that still has not won the battle against security vulnerabilities. You can always keep patching the software, but the patches themselves are the real nightmare.

Patches are the result of poor development in the first place and impatience in the second. I agree that it is not the user's responsibility to debug the software: you pay for the software so that the software company can pay its testers to do their jobs properly. So what is the bottom line here? Are the intentions of closed-source users who go public with security holes the same as those of open-source users? Certainly not. Closed-source users do it out of frustration with the software companies, while open-source users are actually looking for a solution to a threat.