Monday, March 13, 2006

NORAD orders Web deletion of transcript

This seems somewhat foolish. For some reason, the Defense Department thought that the transcript of a public hearing should be pulled from a government website. The speculation is that this transcript was deemed a security risk because it might have revealed sensitive information. Later, the article mentions that the transcript might have been pulled because of the criticism of the government, as opposed to an attempt to hide a security risk. Oh, that makes me feel so much better.

Isn't it better to have an open forum where vulnerabilities such as this can be brought to light? If we pretend there's no problem, how can a solution be found? This applies as much to Homeland Security as it does to application security. I'm all for responsible disclosure on the part of vulnerability researchers, but if an application vendor is not addressing the problem in a timely manner, how is this serving their customers?


