Are embargoes on (open source) security bugs needed? Only in the most extreme cases, @kurtseifried argues https://securityblog.redhat.com/2015/06/10/the-hidden-costs-of-embargoes/ …
Replying to @virusbtn
@virusbtn @kurtseifried You're arguing that you're bad at private fixes, not that private fixes aren't good.

Replying to @dakami
@virusbtn @kurtseifried "Why can't security fixes be like performance fixes?" Well, because private customer data isn't at stake with perf.

Replying to @dakami
@virusbtn @kurtseifried Bugzilla figured out security flagging a long time ago.

Replying to @dakami
@dakami @virusbtn @kurtseifried Single-vendor issues != multi-vendor or "library" issues, at all.

Replying to @attritionorg
@attritionorg @virusbtn @kurtseifried In open source nothing is single vendor, as per distros (outside of CMS).

Replying to @dakami
@dakami @virusbtn @kurtseifried Big difference between product + Linux vendors vs. protocol / huge library (e.g. OpenSSL). Can't compare.

Replying to @attritionorg
@attritionorg @virusbtn @kurtseifried Decisions aren't free.

Replying to @dakami
@dakami @virusbtn @kurtseifried Wrong. Decisions are free. The resulting fallout is where the costs add up.

Replying to @attritionorg
@attritionorg @virusbtn @kurtseifried Decision fatigue is well documented.
Replying to @dakami
@dakami @virusbtn @kurtseifried Sure, and not speaking to my point, where the cost really lies.