Title :
Telling the goodguys: disseminating information on security holes
Author_Institution :
Harvard-Smithsonian Obs., Cambridge, MA, USA
Abstract :
The author discusses what should be done by a software vendor when the product has a security flaw. One alternative, which the author discounts, is to hide the problem and hope it will not be discovered. The alternative, favored by the author, is to widely publicize the patch, hoping that `badguys´ will not reverse engineer it to discover the hole. Several variations are proposed, including distributing an encrypted version of the patch and later publicizing the keyword, and distributing the patch as or on a benign virus
Keywords :
DP industry; computer software; information dissemination; security of data; benign virus; encrypted version; keyword; patch; security flaw; security holes; software vendor; Astrophysics; Books; Communication system security; Computer bugs; Computer viruses; Information security; Observatories; Reverse engineering; Software systems; Testing;
Conference_Titel :
Aerospace Computer Security Applications Conference, 1988., Fourth
Conference_Location :
Orlando, FL
Print_ISBN :
0-8186-0895-1
DOI :
10.1109/ACSAC.1988.113444
