Linux Today: Linux News On Internet Time.

The Register: All Bugs are Created Equal

Dec 12, 2002, 22:00 (1 Talkback[s])
(Other stories by John Leyden)

"Security tools vendor ISS has promised to handle security vulnerabilities affecting open source and Windows platforms the same way following criticism of its premature disclosure of open source security problems.

"In recent months, sections of the security community allege that ISS has jumped the gun in releasing information on flaws within a Solaris font daemon, BIND and (most notably) Apache ahead of the widespread availability of a fix. Critics argue ISS acted out of self-promotion rather than the interests of the wider Internet community.

"ISS strongly denies this but admits to mistakes in its approach which it addresses through revised vulnerability disclosure guidelines..."

Complete Story

Related Stories: