Re: [8lgm]-Advisory-14.UNIX.SCO-prwarn.12-Nov-1994

Gene Spafford (spaf@cs.purdue.edu)
Mon, 28 Nov 1994 02:20:39 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: [8LGM] Security Team: "[8lgm]-Advisory-12.UNIX.suid_exec.27-Jul-1991"
Previous message: [8LGM] Security Team: "[8lgm]-Advisory-15.UNIX.mail3.28-Nov-1994"
In reply to: Dave Brookshire: "Re: [8lgm]-Advisory-14.UNIX.SCO-prwarn.12-Nov-1994"
Next in thread: Jonathan M. Bresler: "Re: [8lgm]-Advisory-14.UNIX.SCO-prwarn.12-Nov-1994"

> I think that the biggest pro of full disclosure, is that it get's people 
> off their butts and gets a good solution or patch that much faster.

I have yet to see evidence of this.  Based on my conversations with personnel 
at various computer companies, the only thing full disclosure seems to do is 
(sometimes) encourage them to release bug fixes without quite as much testing. 
 This sometimes leads to patches that don't completely fix the problem.  That 
is not a "good solution."

If anyone can provide me with verifiable evidence that full disclosure results 
in faster production of patches of good quality, I would be very interested in 
seeing it.  Otherwise, it's just wishful thinking.

--spaf

Next message: [8LGM] Security Team: "[8lgm]-Advisory-12.UNIX.suid_exec.27-Jul-1991"
Previous message: [8LGM] Security Team: "[8lgm]-Advisory-15.UNIX.mail3.28-Nov-1994"
In reply to: Dave Brookshire: "Re: [8lgm]-Advisory-14.UNIX.SCO-prwarn.12-Nov-1994"
Next in thread: Jonathan M. Bresler: "Re: [8lgm]-Advisory-14.UNIX.SCO-prwarn.12-Nov-1994"