To disclose or not to disclose?


Disclosing security problems is a good idea, says Bill Thompson, except when it isn't

In the last few weeks we've seen two very different approaches to the full disclosure of security flaws in large-scale computer systems.

Problems in the domain name system have been kept quiet long enough for vendors to find and fix their software, while details of how to hack Transport for London's Oyster card will soon be available to anyone with a laptop computer and a desire to break the law.

These two cases highlight a major problem facing the computing industry, one that goes back many years and is still far from being resolved.

Given that there are inevitably bugs, flaws and unexpected interactions in complex systems, how much information about them should be made public by researchers when the details could be helpful to criminals or malicious hackers?

BY-BBC NEWS
