Okay, if we are so keen to make distinctions, how about this one?
In the recent WMF 0day, it was indeed a feature. But it was a security
vulnerability nonetheless. PR-ing it as a feature was, indeed, PR.
Cisco released a security advisory, advising that a default root
password is a "vulnerability" rather than a built-in feature. :)
It seems that people often enjoy making the distinction for putting the
right spin on things. Myself, I like this quote:
"Any sufficiently advanced bug is indistinguishable from a feature".
A spin on Arthur C. Clarke's 3rd law.
I learned just a few months ago (last year :) ) that it was coined 20
years ago by someone many of us know: Rich Kulawiec.
What is your take on this, should this be a huge argument as well? :)
Gadi.
_______________________________________________
Secure Coding mailing list (SC-L)
SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php