
Comment: 200m people (Score 1) 222

by bzfreek (#31870932) Attached to: Porn Virus Blackmails Victims Over "Copyright Violation"
What I think we need to be more worried about is how 0.2 people are using some software.

I mean, is there a few million people that try to download something and only get a few bits of it, or maybe the developers are working on a new form of collaborative programming where they only let people download 1/5 of their source and make the population work together to get the working program.

Either way, I don't think this virus will be a problem until it can affect more than 1 person.

Comment: What is your risk? (Score 1) 182

by bzfreek (#31811952) Attached to: Why Responsible Vulnerability Disclosure Is Painful and Inefficient
What your problem is, is not Reasonable Disclosure; it is more vendor relationships, which will almost always involve playing a bit of political posturing. While there is never a one-size-fits-all solution, I could suggest a few things that might be a good idea. First, I would assess the risk that this company in particular poses to your overall operations; this does include things like the chance of reprisal for disclosing this. I know this is a daunting task, but you need some kind of metric of how much sticking with them will cost you, both in the short and long term. Once you know your risk, you can figure out how to play this game. If there is little risk to your operation, I would suggest a full public disclosure. Yes, this might be dangerous, but it is a very surefire way of getting resolution; it may not be to your liking, but something will get done. There might be only moderate risk; that would probably call for anonymous disclosure. If you have given the developers a chance to correct and patch (about a month), this is a perfectly fine course of action. It will help limit reprisal while still giving you some protection. Finally, there may just be too much risk that disclosure might harm you. My suggestion, with no knowledge of particulars, would be to find alternatives and compare the risk of disclosing vs. the cost of switching to a new system. The latter will almost always be more expensive in the short term, but over the life cycle of the product it might be cheaper to switch sooner than later.
