Reflecting On Linux Security In 2003

Full Version: Reflecting On Linux Security In 2003

GovernmentSecurity.org > General GSO > In The News

GSecur

Dec 24 2003, 03:48 PM

When it comes to 2003 I think we can call it "the year of the patch" with the security community paying close attention to what is patched in what period of time. In an interesting column about security fixes, SecurityFocus columnist Hall Flynn notes that he doesn't understand why Linux vendors that put so much time and money into creating security patches distribute them for free.

Marcel Gagne has a different view of the situation: "My initial reaction to the question of why a company would spend money supplying security fixes is "why shouldn't they?" It's called being a good corporate citizen. If you distribute something that is flawed and that flaw may endanger your customer's data, you have some responsibility to right that oversight. You might distribute EULAs with your software that says "we aren't responsible to anything that might occur on your system as a result of using this software", but you still have a "moral" obligation if nothing else."
more>>

tomer_shim

Jan 2 2004, 08:54 AM

tnx for the info

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.


Help - Search - Member List - Calendar Full Version: Reflecting On Linux Security In 2003 GovernmentSecurity.org > General GSO > In The News GSecur Dec 24 2003, 03:48 PM When it comes to 2003 I think we can call it "the year of the patch" with the security community paying close attention to what is patched in what period of time. In an interesting column about security fixes, SecurityFocus columnist Hall Flynn notes that he doesn't understand why Linux vendors that put so much time and money into creating security patches distribute them for free. Marcel Gagne has a different view of the situation: "My initial reaction to the question of why a company would spend money supplying security fixes is "why shouldn't they?" It's called being a good corporate citizen. If you distribute something that is flawed and that flaw may endanger your customer's data, you have some responsibility to right that oversight. You might distribute EULAs with your software that says "we aren't responsible to anything that might occur on your system as a result of using this software", but you still have a "moral" obligation if nothing else." more>> tomer_shim Jan 2 2004, 08:54 AM tnx for the info This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.