Irresponsible Bug Disclosure.(Microsoft Corp.'s Internet Explorer has bug discovered by Michal Zalewski)

Publication: eWeek

Bookmark this article Print this article Link to this article Email this article Digg It! Add to del.icio.us RSS

COPYRIGHT 2006 Ziff Davis Media Inc.

It's a free country. You're allowed to say all kinds of distasteful and offensive things, especially when you're telling the truth. And you're allowed to disclose security vulnerabilities in IT products. But there's still a right way and a wrong way to do it.

Michal Zalewski has problems with Microsoft. He thinks Microsoft doesn't cooperate with the security research community, that in fact it abuses that community, that it disserves its customers and doesn't take security seriously.

For all this, when he discovered a bug in Internet Explorer that caused it to crash, he decided not to disclose it to Microsoft through the normal channels (secure@microsoft.com) but instead to disclose it publicly on the popular Full-Disclosure mailing list.

It's important to note at this point that, for all the use...

Read the full article for free courtesy of your local library.