On 2020-09-02 14:21, Fred Posner wrote:
> As time progresses, attack metrics change. If a criteria meets a major
> announcement, the project has shown and demonstrated that information
> will be released in a security announcement, for example:
> https://www.kamailio.org/w/2018/07/kamailio-security-announcement-for-kamai…

For better or worse, one of the arguments made was that if 2018 was the
last time we had an announcement of this magnitude, we must not be
Serious About Security™.
It is worth taking the time to introspect about whether the threshold
for such announcements is properly calibrated. That's never a bad idea.
However, to suggest that there must be a quota of major
vulnerability announcements per unit of time met in order for a project
to be credibly Serious About Security™ is ludicrous.
-- Alex
--
Alex Balashov | Principal | Evariste Systems LLC
Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free)
Web: http://www.evaristesys.com/, http://www.csrpswitch.com/