Reply to post: Wow, no.

Yeah, says Google Project Zero, when you think about it, going public with exploit deets immediately after a patch is emitted isn't such a great idea

stiine Silver badge

Wow, no.

"Your users are now in a race to update their systems before the hole is exploited by miscreants using the web giant's exploit. If your patch doesn't fully work, your users are now left completely vulnerable while hackers can play merry havoc with your busted code as you scramble to emit a followup update."

No, not at all. Once the patch is released, its downloaded by the people writing malware. At this point, they know exactly what was broken and if the fix didn't actually fix it, for them nothing changes.

This is for complicated bugs, like Microsoft writes, where you have to re-design the entire application from the ground up, in order to eliminate the bug(s).

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon


Biting the hand that feeds IT © 1998–2020