Timing Security Flaws

Sunday, January 31. 2010

Timing Security Flaws

There has been a lot of stories lately about the famous Google Attack. It's now becoming known that the flaw used was in IE, was reported in September, and was going to be fixed in February.

It's always tricky for vendors to juggle security flaws, but there are always two very important things to keep in mind. The first being that if someone reported the flaw to you, it's not an internal only secret, people generally suck at keeping secrets. It's very likely they have or will tell someone else.

The second important thing is that it's probable someone else found it at the same time.There have been numerous documented instances thorough history, where an important discovery is made by multiple people at the same time. It's not uncommon for the same security flaw to be found by two different people. With six billion people on the planet, there is plenty of room for overlap.

The real lesson here is that if you know about a critical security flaw, don't sit on it, fix it ASAP, even if you think you have plenty of time.

Posted by Josh Bressers in Security at 15:33 | Comments (0) | Trackbacks (0)

Trackbacks

Trackback specific URI for this entry

No Trackbacks

Comments

Display comments as (Linear | Threaded)

No comments

Add Comment

Name
Email
Homepage
In reply to
Comment	Enclosing asterisks marks text as bold (word), underscore are made via _word_. Standard emoticons like :-) and ;-) are converted to images. To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly. Enter the string from the spam-prevention image above: BBCode format allowed
	Remember Information? Subscribe to this entry