The Register® — Biting the hand that feeds IT

Comments on: Yahoo! patch squashes messenger bug

Register! Yahoo! Headline! Missing! Exclamation Marks! 

By Garry Posted Saturday 9th June 2007 12:36 GMT

What went wrong with the headline guys? Next you'll probably forget your hatred of Kevin Warwick and write a nice review of his new book.

Model? 

By davcefai Posted Saturday 9th June 2007 15:07 GMT

"Maiffret, who holds up Microsoft as a model for responsible vulnerability handling"

ie let months go past before issuing a patch.

Bad Yahoo! Released a fix in 24 hrs.

re: Model? 

By Chris Purcell Posted Sunday 10th June 2007 15:35 GMT

"Bad Yahoo! Released a fix in 24 hrs"

No, they didn't. They released a fix 24 hours after a hacker had already exploited the bug. They had longer than that to fix it. Not that I'm claiming they're slow or anything. But not releasing a patch for months *and* not telling anyone what to exploit seems more responsible than quickly releasing a patch, but giving hackers a fighting chance at exploiting it first.

re: Model? 

By Dillon Pyron Posted Monday 11th June 2007 01:29 GMT

How many times has MS been prompted to publish a patch after a "zero day" exploit? A patch that they've been sitting on?

Webcast: Jumpstart your Application Security initiatives