Mozilla says security researchers wield too much power
San Jose (CA) - Mozilla’s security chief Window Snyder has said that software developers are at the mercy of bug hunters where disclosure of critical flaws in programs is concerned. She is calling on security researchers to follow a universal responsible bug disclosure policy which would allow software developers time to fix a bug before it is made known to the public and malicious hackers alike.
"The researcher has all the power," Snyder said at a panel discussion during the ShmooCon hacker event on Saturday. "They control when they disclose it, and they control the idea whether or not the vendor responds in time...I would appreciate 30 days, but I will take what I can get."
The debate over bug disclosure has raged for years. On the one hand, responsible vendors want time to fix bugs before they are made known to the world. On the other hand, responsible security researchers can be frustrated when vendors sit on an unannounced bug that would be too costly to fix without a very good reason (like a lot of hackers knowing about it).




