Pınar Yanardağ
FriendFeed
Security: Pınar Yanardağ posted a link
August 15 at 12:48 am - via Reshare - Link
What's wrong if security people focus on security, run after vulnerabilities and fix them ASAP, like GUI people focus on user-interface-related things? Nobody can be everybody. Why does he keep saying to blame people who are only interested in security bugs? I don't understand what he is talking about. Or I got it totally wrong.. - Pınar Yanardağ
Do you have the right link? Here is the original message: http://article.gmane.org/gmane... - ben lorica
I think what he is saying is that security *bugs* get more attention than they deserve, that there are a lot of *other* bugs that are more challenging and crucial. It's tricky: by calling attention to security vulnerabilities, it may well be the case that patches get applied more promptly. OTOH, there are lots of other kernel bugs that need fixing. - ben lorica
I totally agree with you: there are (more) critical (but non-security-related) bugs that need fixing. But what I want to point out is, what's wrong if there are some kernel hackers who are, let's say, "mad about security" and some kernel hackers who are fixing "normal" bugs? For example, I am an official developer of Pardus GNU/Linux and a member of the Pardus Security Team, and however critical a bug is, I first focus on security-related bugs while my co-workers focus on other bugs and leave security fixes to me. - Pınar Yanardağ
(continues..) And I know.. as an engineer, I shouldn't think like that. A bug is a bug and needs fixing. But that's the faster way to keep your software safe against vulnerabilities. Btw, Larry Osterman has one or two interesting points of view about this: http://blogs.msdn.com/larryost... - Pınar Yanardağ