Mozilla: Hackers control bug disclosure

Software makers are at the mercy of bug hunters when it comes to flaw disclosure, Mozilla's security chief said Saturday.

The software industry for years has pushed guidelines for vulnerability disclosure. Those "responsible disclosure" efforts have had some effect, but security researchers maintain control over the process, Mozilla Security Chief Window Snyder said in a panel discussion at the ShmooCon hacker event here.

"The researcher has all the power," Snyder said. "They control when they disclose it, and they control the idea whether or not the vendor responds in time."

Mozilla: Hackers control bug disclosure | CNET

Linked by shanmuga Tuesday, 3rd April 2007 1:08AM