A Biologist’s-Eye View of OSS Vulnerability Disclosure

Neil McAllister deliberates the question of public disclosure of open source vulnerabilities, contrasting Ounce Labs’ announcement of security vulnerabilities in the Spring Framework for Java with Linus Torvalds recent missive on the Linux kernel development mailing list. Sure, vulnerability bulletins raise awareness of real danger, but they also distract from other productive activities. To find the right balance between keeping users informed and maintaining an orderly and holistic development process, McAllister suggests we take a biologist’s view of how species deal with risk perception.


  1. 2008-07-18 12:15 pm
  2. 2008-07-18 2:26 pm
  3. 2008-07-21 1:33 am