Stupid Security Tricks?
I'm not sure whether this new trend is stupendous or just plain stupid. You be the judge.
December 18, 2006
First came "The Month of Browser Bugs," and it caused quite a stir, plus it exposed a lot of security problems in browsers, as was fully intended. Fine.
Then came "The Month of Kernel Bugs," which revealed a range of problems in various platforms, including Windows and Windows-related products.
Next, someone announced "The Month of Oracle Database Bugs," but for some undisclosed reason that project was cancelled before it ever started. We might be able to discern at least two possible reasons on our own anyway.
And now here we go again with the upcoming "Month of Apple Bugs" slated to begin in January 2007. This is supposedly to help people stop thinking that Apple computers are bullet-proof. Ya right. This makes no sense to me. Most Apple users are not technically inclined and thus they are as oblivious to computer security as are millions of Windows users. So how would a security-oblivious person even be able to think their OS X system is bullet-proof? Sure, there are a handful (out of the millions) of Apple users who might, maybe, think their OS X is bullet-proof. Just like a handful of Windows users do.
On the one hand this trend of disclosing security problems is beneficial since it does help get problems fixed. On the other hand, millions upon millions of people are put at risk when the bugs become public knowledge before patches are available.
Granted, vendors sometimes take forever and a day to fix security problems. But do the bugs have to be exposed completely in order to get a vendor's attention? Would it suffice to post extremely vague info to show that the bugs exist and that specific vendors are dragging their feet about fixing the problem?
I tend to think that there is another, deeper, yet mostly superficial motive behind these "Month of Bugs." I think the motive is directly related to a need for personal attention (grandstanding). This assertion that "I'm doing it to help people" seems like a bunch of nonsense.
But that's just my opinion. And certainly I've been wrong plenty of times.