Subject: RE: [suse-security] SuSE Security Announcement - make-3.77
From: Daniel R. Gilliam (drgilliarunet.edu)
Date: Sun Feb 27 2000 - 22:48:07 CST


> Fixing holes in software isn't as easy as just popping down to the shops to
> buy a new lock. If the problem affects quite a few people, and isn't
> fixable in a short space of time (time varies depending on severity),
> notify people then they can take steps to improve their security while the
> fix is being worked on, and may even help with the fix. A lock is not the
> only way to prevent access to your home, other steps can be taken if you
> suspect the lock may well be bypassable. If you aren't aware of the
> problem, you can't work around it, you can't take steps to fix it, you
> just keep on relying on it.

Following the same logic, it's not always as easy to protect your system if
there is a known hole, as it is for you to fix the security of your house in
the event of a broken lock. In fact, you assume that you always can fix it
yourself, or find a way to get around the bug until it is fixed. But let's
face it, sometimes there's really nothing you CAN do until the vendors
release a fix. So, on those lines, I still hold that it's better to be
quiet than it is to let all of the hackers know.
