Withholding A Security Patch

from the not-such-a-good-idea dept

The issue of whether or not to disclose a security hole before the software has been patched has been discussed many times – and not everyone agrees on the proper response. However, what do you do when the people who have the patch refuse to make it available? That’s what apparently happened recently, when the security hole in BIND was made public. The Internet Software Consortium told people who were not on their mailing list that they needed to email them to get the patch. Then, instead of just giving them the patch, they tried to convince them to sign up for their paid support service. The move has angered a lot of people. This goes beyond simple disclosure questions into actively withholding the information needed to fix a security problem.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...