"Chilling Effects" paper at USENIX

Jaya Kumar jayakumar.lkml at gmail.com
Wed Apr 9 00:54:51 EDT 2008


Moved the top post down.

On Tue, Apr 8, 2008 at 9:21 PM, Mitch Bradley <wmb at laptop.org> wrote:
> It would have been nice if the criticisms had been delivered directly to
> OLPC, instead of broadcast in a public forum, where enemies of OLPC can cite
> and expand on them as evidence that "OLPC is hopelessly screwed up, so you
> should buy our competing product instead".  If you get my drift.

In the free and open source community, people generally post their
technical opinions and criticisms in the open. If they're wrong, then
we can say it, while moving forward, or if they're right, then we can
fix it, and move forward.

>
>  I believe that the prevailing ethos in the white hat security community is
> to report newly-discovered vulnerabilities first to the company in question,
> thus giving them some amount of time to develop a patch before the public
> announcement.

If the paper provided an exploit or specifically identified a
vulnerability then they should have sent it to you guys first. Did
they identify a specific vulnerability or exploit?

>
>  The authors appear to be academics, however, so they would get little
> credit for having contributed to OLPC security by privately contacting OLPC
> and giving us an opportunity to address their concerns. Publishing is the
> coin of the realm in academic circles.

Agreed. Are any of their concerns valid?

Thanks,
jaya


