From the article:
Quote:
If researchers weren't spending their days poking holes in software, the bad guys wouldn't have so many flaws to exploit and we'd all be safer, this argument goes
I guess the same could be said about ANY product testing. If no testing were done, except perhaps for specially designed cases by the manufacturer, we would all have perfect products, right?
This 'attitude' sounds an awful lot like security through obscurity to me, and we all know how well that works.
{edit} I read a comment about how commercial software vendors have a monetary interest in not releasing information regarding discovered vulnerabilities. Doing so could cause potential customers to question whether or not to purchase; patches and upgrades must be sent via distribution channels; etc. I know that I have seen this where I have worked. As a former boss once put it, "I can't lie about the defects that they know about, but I am under no obligation to disclose information about those that they don't." The claim was that the tendency to try and restrict this information in the hopes that nobody notices is a lot of the reason that the researchers started making this information known.