On Fri, 9 Sep 2005, Dave Aitel wrote: :Andrew R. Reiter wrote: : :> On Fri, 9 Sep 2005, Dave Aitel wrote: :> :> :It's not consideration to hide the actual risk from users of the product. :> :That's just Microsoft hogwash. :> : :> :Right now, everyone knows they are at risk, and what to do about it - we can :> :stop using Firefox if we think it's a high enough risk vulnerability to do :> so. :> :This is definately better than just being in the dark for another week or so :> :until they get the patch done. :> : :> :-dave :> :> What about all those poor mom's and dad's who were encouraged to use Firefox :> but have 0 clue as to what the heck Full-Disclosure is? Seems to me your :> idea of "everyone" is misguided. :> :> Cheers, :> :> : :> :They can all now be helped by their more technically inclined family members. :This isn't an option in vendor-monopoly disclosure models, where you just have :to pray that only the vendor and a few other people know about the bug, and :they're not bothering to exploit your poor mom or dad (or yourself). :
True.. debatable, so I can't fully disagree with you. :They're probably still better off using Firefox, of course, just not completely :immune. Which you already assumed, right? I love assumptions .. of course I love pain too :P engineering pain. : :-dave : : ------------------------------------------------------------- "Natural bridges on a clean west swell, Break over the reef like a bat of out hell." -- Sublime. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/