June 18, 2010


There has been some interesting press around the responsible disclosure debate lately, mainly initiated by a recent vulnerability discovered by my colleague, Tavis Ormandy. Tavis is one of the most skilled and devoted security researchers I know. The guy spends a good chunk of his free time finding and patching security bugs in important software... for free. While his opinions on what constitutes responsible disclosure may not match Microsoft's, I don't consider his motives evil, certainly not meant to aid attackers, and in no way influenced by Google. It disappoints me to see he's taken such a one-sided beating lately, so if you're at all familiar with or interested in the debate, make sure you read a view of the other side.

Image courtesy of lcamtuf.

