Monday, June 30, 2008

Top 10 Strategies on Responding to Security Issues

This top 10 list is about how to hide/handle reported security problems. It is taken from Thomas Ptacek's article at Matasano.
  1. Deny everything
  2. Keep it secret
  3. Forget the report
  4. Make excuses
  5. Downplay
  6. Wait for next release
  7. Beta-test the fix
  8. Patch the exploit
  9. Shoot the messenger
  10. Threaten lawsuit
You may laugh, but these are what most employers love.