Jon Lasser at Security Focus brings us:
"I am a strong proponent of full disclosure, as regular readers of this column know. However, if a hole is not actively being exploited, it's best to give developers a chance to respond. This is especially true when the package is as dominant as Apache. The thirty to forty-five days that ISS claims they typically provide to companies regarding security holes should have been observed, and would have been adequate, in this case."
(Submitted by Noel Thu Jun 27, 2002 )
Our content can be syndicated: Main page Mac Page
Copyright 1999-2005 Noel Davis. Noel also runs web sites about sailing and kayaking.
All trademarks are the property of their owners.
All articles are owned by their author