
Opera on Handling Security


Recently, some of our users have asked why we chose to disclose a potential security issue only after the release of Opera 9.10. Let me try to give a short overview of how security issues get reported and disclosed - and not only at Opera, but in most applications: it might help some people to understand how this works.

When somebody discovers a vulnerability in an application, they should report it to the vendor. It can happen that the reporters give a deadline by when they want to make full disclosure of the vulnerability, but usually the reporter and the vendor work out a disclosure date that makes both happy. If the exploit is not clear, both work on details and a PoC (proof of concept). When a fix has been made and a public release is available, both the reporter and the vendor publish an advisory. The vendor usually credits the reporter in the advisory for the discovery of the vulnerability.

It is important that both parties respect each other: if a fix is also included in development snapshot builds that reach a public audience (like the weekly builds on this blog), fixes for the vulnerability are not announced: this is a form of respect both for the reporter and for all the users that only upgrade to stable releases. Making the vulnerability public knowledge before a stable version fixes the issue would leave lots of users vulnerable. Serious reporters do not announce vulnerabilities before vendors have a fix in public builds - and vendors do not announce vulnerabilities before the reporters make their discovery public, in order to properly credit them.
