A plea for an end to Months of Irresponsible Disclosure


In 2006, researchers such as HD Moore and LMH initiated projects that announce one new security bug a day for an entire month. Each bug released during the month relates to a specific type of program or operating system component. For example, Moore kicked off this concept with the Month of Browser Bugs (MoBB), and LMH followed up with the Month of Kernel Bugs (MoKB). More recently, Cesar Cerrudo announced a similar project he called the Week of Oracle Database Bugs (WoODB), which he later cancelled for reasons he did not share (many speculate that Oracle pressured him).

A few days ago, Kevin Finisterre announced that he will make January 2007 the Month of Apple Bugs (MoAB). Finisterre and the team responsible for the Month of Kernel Bugs intend to release an Apple-related security bug every day. According to these researchers, they hope to dispel the perception that Apple doesn't suffer from the security vulnerabilities that Windows does. Finisterre has also announced his intent to announce bugs that Apple is unaware of.

Are these bug-a-day revelations helpful to Internet security, or harmful?

WatchGuard Wire: RSS Feed | WatchGuard Technologies, Inc.

Linked by shanmuga Thursday, 21st December 2006 10:59PM