Linux Today: Linux News On Internet Time.

CNET News: Patch Slipup Raises Security Questions

Nov 22, 2002, 08:00 (13 Talkback[s])
(Other stories by Robert Lemos)

"The questionable handling of a fix for a recent widespread software vulnerability has some administrators worried that developers can't be trusted to make security a top priority.

"Last week, the Internet Software Consortium withheld the patch for a critical flaw in the domain name system (DNS) software from a large number of researchers, asking instead that each person send the organization an e-mail request in order to get the fix. The software, known as the Berkeley Internet Name Domain (BIND) program, performs a critical function as the address book for the Net...

"The ISC's flub is the latest incident to call into question whether software companies, security researchers, and open-source development groups can be relied on to responsibly handle the vulnerabilities found in the software that forms the foundation of the Internet..."

Complete Story

Related Stories: