Jon Lasser on the Mozilla Security Bugs Policy
Thursday October 10th, 2002
Ismail Donmez writes: "Jon Lasser on SecurityFocus has an interesting article about mozilla.org's security policy." The column discusses the accusations that mozilla.org is covering up security holes and questions whether every bug actually needs wide publicity. As always, mozilla.org's security bugs policy is available online.
#5 oh, that example bug was SO DANGEROUS, right...
Sunday October 13th, 2002 7:20 AM
Are you referring to the privacy issue with the referrers' bug? I really don't get why people get so excited at calling it a serious security flaw, when: 1. it happens only in some special situations; 2. it doesn't give anything to exploit except a URL.
And I do believe that many people who publicly disclose security bugs should be held responsible when they also disclose ways to exploit them and give no help in any way to fix them.