Buggin' Out?

Simmering debate over the month-of-bugs approach boils over among researchers

January 2, 2007

4:35 PM -- There's something about the latest string of Month-of-Bugs initiatives -- the Month of Kernel Bugs (MOKB), the (almost)-Week of Oracle Bugs, and now the Month of Apple Bugs -- that's starting to eat at some researchers: whether this method of disclosing vulnerabilities and releasing exploits actually helps, or hurts, security. (See Apple Bug Bites OS X, Windows, An Apple (Bug) a Day, and Hackers and Humbugs.)

This, of course, is a no-brainer for vendors, which regularly preach responsible disclosure and chastise hackers who go public with bugs and exploits before they get a chance to patch the problems. Microsoft has made its feelings well known on this.

But although the research community rallied around the Month of Browser Bugs (MOBB) last July as a much-needed wakeup call for browser security, there's a growing debate among researchers as to whether this approach has run its course or not. Does this signal a rift in the researcher community?

We'll dive into this red-hot debate tomorrow, January 3. Check back with us then to get the latest details.

— Kelly Jackson Higgins, Senior Editor, Dark Reading
