Old 08-23-2010, 07:40 AM   #1
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 372
Why Vulnerability Research Matters

It seems that any time there's a high-profile incident in which a vulnerability is disclosed without a patch being available, there is an immediate and loud call from some corners to abolish the practice of vulnerability research. If researchers weren't spending their days poking holes in software, the bad guys wouldn't have so many flaws to exploit and we'd all be safer, this argument goes. But the plain fact is that all of us--users and vendors alike--are far better off because of the work researchers do.
Complete Article
Old 08-24-2010, 01:35 AM   #2
John VV
LQ Muse
Registered: Aug 2005
Posts: 15,892

Rep: Reputation: Disabled
reporting ????
Well, if the original devs are helpful and cooperating with the security researchers,
then it should not be disclosed.

If the original devs are NOT helpful and are NOT cooperating with the security researchers (stonewalling and blowing off the researchers),
then YES, report it to the world.
Old 08-24-2010, 06:42 PM   #3
Senior Member
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124

Rep: Reputation: 778
From the article:
If researchers weren't spending their days poking holes in software, the bad guys wouldn't have so many flaws to exploit and we'd all be safer, this argument goes
I guess the same could be said about ANY product testing. If no testing were done, except perhaps for specially designed cases by the manufacturer, we would all have perfect products, right?

This 'attitude' sounds an awful lot like security through obscurity to me and we all know how well that works.
{edit} I read a comment about how commercial software vendors have a monetary interest in not releasing information regarding discovered vulnerabilities. Doing so could cause potential customers to question whether or not to purchase, patches and upgrades must be sent via distribution channels, etc. I know that I have seen this where I have worked. As a former boss once put it, "I can't lie about the defects that they know about, but I am under no obligation to disclose information about those that they don't". The claim was that the tendency to try and restrict this information in the hopes that nobody notices is a lot of the reason that the researchers started making this information known.

Last edited by Noway2; 08-28-2010 at 08:03 PM. Reason: Updated Information
1 members found this post helpful.