Wednesday, July 9, 2008

Kaminsky and the new vulnerability patching world

A few years ago, it would be impossible to imagine something like what Dan Kaminsky has done with the recently uncovered DNS cache poisoning vulnerability. Although the technical details of the issue are still not public (and are probably "wicked cool", 3117, etc), the mosr impressive fact of the whole story is that there was an joint effort from several companies (competitors included) and organizations to release the patch in a organized way. It is the best sample of responsible disclosure I've ever seen so far. I think this is a vey good example of how mature our field is comparing to old times.Congratulations (one more time) to Kaminsky. And to the participants of the joint effort too.  

1 comment: