Opera on Handling Security

Recently, some of our users have asked why we chose to disclose a potential security issue only after the release of Opera 9.10. Let me try to give a short overview of how security issues get reported and disclosed - and not only at Opera, but in most applications: it might help some people to understand how this works.

When somebody discovers a vulnerability in an application, they should report it to the vendor. It can happen that the reporters give a deadline by when they want to make full disclosure of the vulnerability, but usually the reporter and the vendor work out a disclosure date that makes both happy. If the exploit is not clear, both work on details and a PoC (proof of concept). When a fix has been made and a public release is available, both the reporter and the vendor publish an advisory. The vendor usually credits the reporter in the advisory for the discovery of the vulnerability.

It is important that both parties do respect each other: if a fix is included also in development snapshot builds that reach a public audience (like the weekly builds on this blog), fixes for the vulnerability are not announced: this is a form of respect both for the reporter and for all the users that only upgrade to stable releases. Making the vulnerability public knowledge before a stable version fixes the issue would leave lots of users vulnerable. Serious reporters do not announce vulnerabilities before vendors have a fix in public builds - and vendors do not announce vulnerabilities before the reporters make their discovery public, in order to properly credit them.
