On Thursday 01 December 2011, Daniel-Constantin Mierla wrote:
[..]
>> Anyone objecting to implementing a process for handling security incidents?
>
> I have no objection in this regard, any contribution/managing process
> that will make usage of the project easier/more attractive for various
> people is welcome. The question will be who will take the work (e.g.,
> reviewing, categorization, announcements to devels and community, ...).
> Personally, I try not to make a difference between bugs, but just try to
> solve asap, with priority on how common the use case raising the bug is.
> Another question is categorizing 'security bugs' - in my understanding I
> consider such bugs when one can gain access to the server or
> steal/compromise data from/on the server. Crashing situations are not in
> this category (IMO).
Hi Daniel,
IMHO certain denial of service attacks also belong to the "security bug"
class. If somebody can easily bring my service down because of e.g. a crash
during the processing of misformatted (network) input, then the availability of
the service can be easily compromised.
Best regards,
Henning