Quote:
Originally posted by KRL
Thinking about this some more. Isn't that kind of crazy to list every security vulnerability openly like that? Hackers will have a field day getting info from that site.
Security Through Obscurity has been proven not to work (notice every time a new hahahahahahas-affecting worm is released half the Internet goes down)...
The open source development model has worked well for years for securing software. All the code is on the table, all the bugs are publicly discussed among thousands of developers and administrators, and holes are plugged quickly. As soon as a vulnerability is released a patch is usually released with it. The exploit code can be used to test your own systems just as it can be used to crack into other systems.
Online security databases are as much a help to administrators as they are to crackers, if not more.