[H-GEN] Open source firm releases patch for IE spoofing flaw

Trent Waddington s337240 at student.uq.edu.au
Thu Dec 18 22:44:36 EST 2003


Nick Kwiatkowski wrote:

    For people who _have_ to use/manage IE, in a nice twist (since MS will not
    be releasing patches for DEC,) an open source firm releases patch for IE
    spoofing flaw......

I predicted that this would start happening.  In a paper we published at the Working Conference on Reverse Engineering 2001 I made the claim that the current process of security flaw reporting and correction was too slow and that increased availability and sophistication of reverse engineering tools would facilitate the creation of third party patches.  

Hopefully this will become a continuing practice, with security firms developing patches weeks or months before vendors.  A particular security company might become renowned for high quality and timely patches.  Such a company could charge a premium for their patches which they would then only release to paying customers.  This would lead to an open market for security, instead of the top down vendor response driven market place of today.

Trent






