Language Selection

English French German Italian Portuguese Spanish

Opera on Handling Security

Filed under
Security

Recently, some of our users have asked why we chose to disclose a potential security issue only after the release of Opera 9.10. Let me try to give a short overview on how security issues get reported and disclosed - and not only at Opera, but in most applications: it might help some people to understand how this works.

When somebody discovers a vulnerability in an application, they should report it to the vendor. It can happen that the reporters give a deadline by when they want to make full disclosure of the vulnerability, but usually the reporter and the vendor work out a disclosure date that makes both happy. If the exploit is not clear, both work on details and a PoC (proof of concept). When a fix has been made and a public release is available, both the reporter and the vendor publish an advisory. The vendor usually credits the reporter in the advisory for the discovery of the vulnerability.

It is important that both parties do respect each other: if a fix is included also in development snapshot builds that reach a public audience (like the weekly builds on this blog), fixes for the vulnerability are not announced: this is a form of respect both for the reporter and for all the users that only upgrade to stable releases. Making the vulnerability public knowledge before a stable version fixes the issue would leave lots of users vulnerable. Serious reporters do not announce vulnerabilities before vendors have a fix in public builds - and vendors do not announce vulnerabilities before the reporters makes their discovery public, in order to properly credit them.

Full Story.

More in Tux Machines

IPFire 2.19 Linux Firewall OS Patched Against the Latest OpenSSL Vulnerabilities

Only three days after announcing the release of IPFire 2.19 Core Update 104, Michael Tremer informs the community about the availability of a new update, Core Update 105, which brings important OpenSSL patches. Read more

Top Web Browsers for Linux

No matter which Linux distro you prefer, I believe the web browser remains the most commonly used software application. In this article, I'll share the best browsers available to Linux users. Chrome – No matter how you feel about the Chrome browser, one only need to realize the following: Local news still streams in Flash and Chrome supports this. Netflix is supported using Chrome. And of course, Chrome is faster than any other browser out there. Did I mention the oodles of Chrome extensions available including various remote desktop solutions? No matter how you slice it, Chrome is king of the jungle. Read more

Linux Kernel 4.4.22 LTS Brings ARM and EXT4 Improvements, Updated Drivers

Immediately after announcing the release of Linux kernel 4.7.5, renowned kernel developer and maintainer Greg Kroah-Hartman informed the community about the availability of Linux kernel 4.4.22 LTS Read more

Tor Project Releases Tor (The Onion Router) 0.2.8.8 with Important Bug Fixes

The Tor Project announced recently the release of yet another important maintenance update to the stable Tor 0.2.8.x series of the open-source and free software to protect your anonymity while surfing the Internet. Read more