Reporting security vulnerability

Steve Dodier-Lazaro sidnioulz at gmail.com
Fri Jun 7 12:50:07 CEST 2013


Jereon,

I think you're being confused. It is a very common and logical practice to
let developers write a fix before disclosing a bug that might yet have to
be exploited, so that users have a protection available when disclosure
occurs. Bugs are usually disclosed without a fix only when the software
maintainer refuses to provide one.

"Security" by obscurity refers to trying to make something "hard" to
exploit by hiding information, using awkward architecture designs, this
kind of stuff.

Cheers,
-- 
Steve Dodier-Lazaro
Information Security Research Group
University College London
Free Software Developer
OpenPGP : 1B6B1670

More information about the Xfce4-dev mailing list