You know, I expect some crappy software from Adobe from a security perspective. That much I have come to expect. But, to allegedly not give credit for 400 vulnerabilities to a researcher and roll out the fixes for them is somewhat unconscionable.
From H-Online:
Officially, Adobe’s current update for Flash Player has closed only 13 holes, but unofficially it is said to have closed several hundred. Security specialist Tavis Ormandy, who works for Google, claims that he discovered 400 holes and notified Adobe of them. The specialist has now complained that, while the holes have been closed, they haven’t been mentioned in the official advisory, and he hasn’t been given credit for their discovery.
Shame on Adobe is this is the case.
(Image used under CC from heyrocker)
Why mention where Tavos is employed; it is not relevant.
I am speaking for myself here, and my opinion on this is valid (err, should be) whether I’m an DOD inspector at Boeing or just an anonymous poster with a valid point.
(I’m a secutity consultant for municipal IT in 98115, not that it should matter.)
sorry, meant to take that out on h-online. it’s a passionate issue for me, the association with a current PoE and implied credibility by naming someone’s “day job.” Again, I apologize for my mini-rant.
@marcbl Ranting is welcome 😉