Many, myself included, think this practice is dangerous and poorly designed. Example: If a hackers can gain access to my machine just because a specific feature is turned on in my web browser or mail client, I think I should know about it right away rather than quietly allowing 2-4 weeks for the commercial vendor to publish a patch. 2-4 weeks in Internet time is an eternity.
Anyways, quoting The Register:
Secunia makes no bones in saying that its Security Advisories mailing list initiative is a direct attack against competitor SecurityFocus. The Danes are highly critical of SecurityFocus and security clearing house CERT. And they hope that their Secunia mailing list will replace at the "one source of information regarding the latest vulnerabilities and the security patches released by vendors".
Hopefully, they'll live up to this one. I won't be giving up on SecFocus though, it's still a good source of information, delayed or not. I just wish they'd go back to the old interface on the web. The current one, while looking "pretty", detracts from the site's usefulness.
No comments:
Post a Comment