Are embargoes on (open source) security bugs needed? Only in the most extreme cases, @kurtseifried argues https://securityblog.redhat.com/2015/06/10/the-hidden-costs-of-embargoes/ …
@taviso @kurtseifried @virusbtn The argument that "Oh, it's too hard to keep bugs secret, let's not" doesn't fly
@taviso @kurtseifried @virusbtn You can make an argument for comprehensiveness though, certainly.
@taviso @kurtseifried @virusbtn "We'd have to patch our bug tracker to support ACLs" well patch it or don't claim quality
@taviso @kurtseifried @virusbtn I don't see in internal Microsoft or Adobe or even *JAVA* bugs leaking before patch release.
@dakami @taviso @kurtseifried @virusbtn it is much easier for a single company to keep issues confidential compared to large groups of them
@taviso @dakami @kurtseifried @virusbtn failed embargo that leaks the info to bad guys early seems worse or the same as std disclosure no?