but if your competitors continue down the path of claiming that your software is buggy, set up a public Bugzilla database for their product and watch the fun.
I like this idea so very very much.
Since these are reported, but not necessarily fixed bugs, if someone is interesting in attacking one of your customers, you are giving them a gold mine of potential attack information. I believe in responsible disclosure, but it is one thing to tell your customers. Something else to tell the world, especially before it is fixed.
That is a valid point.
We're quite diligent in making sure nothing which would compromise security of existing customers is visible - I am well aware of the risk, and to use the Australian vernacular - shitscared - of exposing such information.
We do, however, have a few bugs crop up every now and then that support staff annotate the bug with a customer name that flagged the issue, so when they come to test the fix they have a way of notifying them how far it is along the resolution is for them. That is not really directly putting customers at risk - but it's unprofessional and I really hate that. It's like they use Bugzilla as some sort of bastardised CRM - even though we have a pretty capable CRM already.
If they don't like you putting that out there due to branding issue then I'm sure they're going to love you for posting all about the problems with JIWA Financials on Slashdot of all places. What were are you thinking?
I'm here to see if my stance is reasonable or not. Validation, I guess - but also some opposing viewpoints to mine with more substance than what I was getting from our Sales team. They were not articulate or convincing enough for me to be enrolled with their views - so here I am.
I'm not overly concerned about people seeing our issues. I'm rather proud of the fact that we currently are transparent about it and anyone viewing it can see we are active and professional in our conduct.
You mentioned the company I work for - I have no reason to hide that, but chose not to mention it as I didn't want to seem like this was an advertising pitch. I'm not sure what your motivation was for bringing it up, but thanks for the exposure
What was I thinking? I was thinking I could engage a community of like minded professionals, with varying degrees of experience to offer their opinion so I could feel more comfortable about making a decision. I don't like making uninformed decisions.
Why are you here?
I've yielded to the sales and marketing demands such that we no longer display the links next to each build for fixes and enhancements, and now publish "Development Stream (Experimental / Unstable" as simply ""Development Stream", but I know what is coming next — a request to no longer make our Bugzilla database publicly accessible. I still have the Bugzilla database publicly exposed, but there is now only no longer the "click this link to see what we did in this build".
A compromise may be to make the Bugzilla database only visible to vetted resellers and developers — but I'm resistant to making a closed "exclusive" culture. I value transparency and recognise the benefits. The sales team are insistent that exposing such detail is a bad thing for sales.
I know by posting in a community like Slashdot that I'm going to get a lot of support for my views, but I'm also interested in what people think about the viewpoint that such transparency could be bad thing.
Machines have less problems. I'd like to be a machine. -- Andy Warhol