North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: Reasons why BIND isn't being upgraded
- From: Bill Woodcock
- Date: Fri Feb 02 12:07:11 2001
On Fri, 2 Feb 2001, Patrick Greenwell wrote:
> By the same token one might argue that atempting to hide vunerabilities
> to those paying you for "early warnings" doesn't help at all.
Not at all... If you're trying to hide a vulnerability by lying about
your version number, that presupposes generally-held knowledge of an
association between a vulnerability and a version number.
"Early warning" is specifically a means of delaying the general
availability of knowledge of that association.
These are temporally sequential states. Not comparable strategies within
the same context.