Computerworld: Bug Disclosure, Fix Process Improving
Mar 12, 2003, 17:30
(Other stories by Jaikumar Vijayan)
[ Thanks to Jason Greenwood for this link. ]
"Several users welcomed the growing willingness of vendors and
security researchers to work together to identify and fix software
vulnerabilities in the wake of last week's disclosure of a major
hole in a widely used e-mail protocol.
"But they also expressed concern over the practice by some in
the security community to release vulnerability information to
certain users before making it available to the public.
"Atlanta-based security vendor Internet Security Systems Inc.
(ISS) and Emeryville, Calif.-based Sendmail Inc. last week
disclosed the existence of a major buffer-overflow vulnerability in
the sendmail mail-transfer agent, which handles more than 50% of
all Internet e-mail traffic..."