Withholding A Security Patch

from the not-such-a-good-idea dept

The issue of whether or not to disclose a security hole before the software has been patched has been discussed many times - and not everyone agrees on the proper response. However, what do you do when the people who have the patch refuse to make it available? That's what apparently happened recently, when the security hole in BIND was made public. The Internet Software Consortium told people who were not on their mailing list that they needed to email them to get the patch. Then, instead of just giving them the patch, they tried to convince them to sign up for their paid support service. The move has angered a lot of people. This goes beyond simple disclosure questions into actively withholding the information needed to fix a security problem.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Name
Email	Get Techdirt’s Daily Email
URL
Subject
Comment	this is for spambots, do not use this
Options	Plain Text HTML Save me a cookie

Plain Text: A CRLF will be replaced by break tag, all other allowable HTML is intact
HTML: No formatting of any kind is done without explicitly being written in
Allowed HTML Tags: <a> <blockquote> <hr> <tt>

<< Microsoft Wants Your Cellphone | Backup Brain For Real? >>

Search Techdirt

And now, a word from our Sponsors..

15% off discount for Techdirt Readers

Subscribe to Techdirt's Daily Email Newsletter