Opera on Handling Security

Recently, some of our users have asked why we chose to disclose a potential security issue only after the release of Opera 9.10. Let me try to give a short overview of how security issues get reported and disclosed - and not only at Opera, but in most applications: it might help some people to understand how this works.

When somebody discovers a vulnerability in an application, they should report it to the vendor. It can happen that the reporters give a deadline by which they want to make full disclosure of the vulnerability, but usually the reporter and the vendor work out a disclosure date that makes both happy. If the exploit is not clear, both work on details and a PoC (proof of concept). When a fix has been made and a public release is available, both the reporter and the vendor publish an advisory. The vendor usually credits the reporter in the advisory for the discovery of the vulnerability.

It is important that both parties respect each other: if a fix is also included in development snapshot builds that reach a public audience (like the weekly builds on this blog), fixes for the vulnerability are not announced. This is a form of respect both for the reporter and for all the users that only upgrade to stable releases. Making the vulnerability public knowledge before a stable version fixes the issue would leave lots of users vulnerable. Serious reporters do not announce vulnerabilities before vendors have a fix in public builds - and vendors do not announce vulnerabilities before the reporters make their discovery public, in order to properly credit them.
