HardOCP News
When someone asks "Should vendors close all security holes?" you'd think the answer would be obvious, but is it? Apparently some companies don't patch low-risk exploits until they are reported publicly. Do you agree? Disagree? Hit the comments link below and share your thoughts.
"Our company spends significantly to root out security issues," says the reader. "We train all our programmers in secure coding, and we follow the basic tenets of secure programming design and management. When bugs are reported, we fix them. Any significant security bug that is likely to be high risk or widely used is also immediately fixed. But if we internally find a low- or medium-risk security bug, we often sit on the bug until it is reported publicly. We still research the bug and come up with tentative solutions, but we don't patch the problem."