Thread: Sending of Hacks to the Graveyard
View Single Post
  #122  
Old 07-26-2007, 10:10 PM
quiklink quiklink is offline
 
Join Date: Jun 2007
Posts: 81
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by hambil View Post
I don't know who you think is suggesting this, but as far as I know nobody has. Some of us have suggested a short delay (in my case I suggested 24 hours) between when the author is contacted and the alert is sent out, and that's assuming the knowledge hasn't gone public (been announced by someone in the hack thread, for example).
How do you possibly justify leaving an end user vulnerable for even 24 hours after you have become aware of a security flaw in your code? What part of this do you not get? What right do you possibly believe you have to put someone at continued risk for a security flaw on their system due to your improper coding? Let not stop to forget the legal implications to both the coder and Jelsoft. Sorry, a disclaimer saying 'we take no responsibility...' doesn't usually fly to well in court if you knowingly allow it to happen.

It would be like a food processor saying 'lets wait a day or two and see if we can find the problem and get it fixed before we notify the public that our food has been contaminated. I doubt anyone will get sick'...

Nobody likes to admit there is a problem, and yes it might even have a financial impact if you are selling the product. But you have an obligation to notify those who are at risk as soon as you find out about it.
 
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01353 seconds
  • Memory Usage 1,764KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD_SHOWPOST
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_quote
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • reputationlevel
  • showthread
Included Files:
  • ./showpost.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showpost_start
  • bbcode_fetch_tags
  • bbcode_create
  • postbit_factory
  • showpost_post
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • showpost_complete