Julius
I just stumbled upon a Wikipedia article on Daniel J. Bernstein. Ring a bell? How about qmail? djbdns? No? Go and read the article and visit the links specified in it!
In a nutshell, DJB is a professor, mathematician, cryptologist and programmer whose emphasis is on efficient and, above all, secure code. He is known for criticizing archaic software behemoths such as Sendmail and BIND.
I find his stance on disclosure interesting:
Immediate full disclosure, with a working exploit, punishes the programmer for his bad code. He panics; he has to rush to fix the problem; he loses users.
You're whining that punishment is painful. You're ignoring the effect that punishment has on future behavior. It encourages programmers to invest the time and effort necessary to eliminate security problems.
So radical it hurts. But does it help?
PS: Julius? That's what the "J" stands for.
April 18th, 2005 - 09:58
Heh, this is radical:
“I won’t be satisfied until I’ve put the entire security industry out of work.”