Friday, June 11, 2010

What is responsible disclosure?

There is a lot of heat coming down on Google security researcher Tavis Ormandy after he released code to exploit a vulnerability in Microsoft Windows XP just five days after alerting M$ to it. There is also a rumor that it was done to fuel the fire already burning between M$ and Google.

I know that there is a lot of bickering between the different giants of technology, but I don’t believe that Google would go so far as to have an employee post an exploit just to make a point. It is more likely that “Ormandy seems to believe Microsoft, which is not exactly known for the speed of its responses to security (and many other) issues, would never have acted to patch this hole unless he, or someone else, had also provided code to exploit it.”

Many security experts feel this way, but releasing the exploit into the wild after only five days, with no patch available, is really irresponsible: the people you are actually hurting are the folks whose computers get compromised, not M$.

