4:35 PM -- There's something about the latest string of Month-of-Bugs initiatives -- the Month of Kernel Bugs (MOKB), the (almost)-Week of Oracle Bugs, and now the Month of Apple Bugs -- that's starting to eat at some researchers: whether this method of disclosing vulnerabilities and releasing exploits actually helps, or hurts, security. (See Apple Bug Bites OS X, Windows, An Apple (Bug) a Day, and Hackers and Humbugs.)
This, of course, is a no-brainer for vendors, which regularly preach responsible disclosure and chastise hackers who go public with bugs and exploits before they get a chance to patch the problems. Microsoft has made its feelings well known on this.
But although the research community rallied around the Month of Browser Bugs (MOBB) last July as a much-needed wakeup call for browser security, there's a growing debate among researchers as to whether this approach has run its course or not. Does this signal a rift in the researcher community?
We'll dive into this red-hot debate tomorrow, January 3. Check back with us then to get the latest details.
Kelly Jackson Higgins, Senior Editor, Dark Reading
Apple Inc. (Nasdaq: AAPL)
Microsoft Corp. (Nasdaq: MSFT)
Oracle Corp. (Nasdaq: ORCL)