Torvalds on Vendor-Sec: Delayed Disclosure Issues in Linux Security

Torvalds has never really been a fan of the vendor-sec list. Vendor-sec is supposed to be a vendor only list that is not publicly available. It's supposed to ensure that vendors will have the time they need to make fixes. Back in 2005, Torvalds criticized vendor-sec, arguing that delayed disclosure, as is currently done by the vendor-sec list, is broken. He said he strongly believes that users should get updates before a disclosure is made.

The link for this article located at Internet News is no longer available.