Sun 22 May 2005
Chris Aillon got Slashdotted.
I love it when blogs stop being polite and start getting down to it 
. Actually much of it just gets blown out of proportion. It is great when there are comments like “Wait for vendors? Then that is another day we remain vulnerable”. Hint, the bug has been there for much longer, another 24 hours to QA the beast is not unreasonable. Another hint, most people won’t even notice the new release within 24 hours. Having vendors be notified and giving them a reasonable amount of time to deal with it actually mitigates the risk. If the bug is already public that is another story. Security is a collaborative effort.
