Sybase Practices Dumb Security
A threat by Sybase Inc. to sue a U.K.-based security research firm if it publicly discloses the details of eight holes it found in Sybase's database software last year is evoking sharp criticism from some IT managers but sympathetic comments from others.
I can see why Sybase would prefer it if people didn't know about vulnerabilities in their software -- it's bad for business -- but disclosure is the reason companies are fixing them. If researchers are prohibited from publishing, then software developers are free to ignore security problems.
Posted on April 1, 2005 at 1:24 PM • 12 Comments