Sybase Practices Dumb Security
From Computerworld:
A threat by Sybase Inc. to sue a U.K.-based security research firm if it publicly discloses the details of eight holes it found in Sybase’s database software last year is evoking sharp criticism from some IT managers but sympathetic comments from others.
I can see why Sybase would prefer it if people didn’t know about vulnerabilities in their software—it’s bad for business—but disclosure is the reason companies are fixing them. If researchers are prohibited from publishing, then software developers are free to ignore security problems.
Israel Torres • April 1, 2005 1:34 PM
“Kim Milford … In such cases, “hackers tend to benefit the most from the release of technical details” about security vulnerabilities, she said.”
Oh no Kim… everyone benefits. Disclosure is like exposure to the elements. If it doesn’t kill you it only makes you stronger. Only by keeping it quiet does it become a malicious cancer that will only prove regret in the future.
Israel Torres