
Full disclosure… or not?

September 26th, 2009

One of the biggest problems I sometimes face is what I should do when I find a bug. I recently found a bug in the Linux kernel version 2.6.30, which was fixed in 2.6.31, but I only told a friend of mine about it. Posting the description to a mailing list or on my blog would mean that anybody could write an exploit and use it to hack into systems. I could also write a patch which could be merged in the next release. For the moment I chose not to do anything until the next kernel release, and if it wasn’t fixed I would then decide what I should do.
I face the same problem when I write security-related programs. For example, a rootkit that can be used for malicious purposes can also be used to demonstrate bugs in the design of an operating system. Should a program like this be released?
I have created the following two polls. I believe that the results are going to be very interesting!

Categories: Security
  1. October 14th, 2009 at 20:45 | #1

    NO MORE FREE BUGS!

  2. argp
    October 19th, 2009 at 09:11 | #2

    @thanasisk

    no roar more rugs
