Responsible security releases

It’s great to see that the habari guys are committed to security as well as functionality and are providing security updates for there pre-1.0 software.  It is a pity to see that they don’t disclose much in there security announcements.

For me, responsible open security practises should mean that as well as providing a quick response to security issues you provide enough detail about the issue to your users to allow them to make a judgement call about how important the upgrade is to them.  Do they need to do the upgrade immediately because the issue is easy to exploit or can it wait till the weekend when they have more time to ensure they have a backup and a plan for when the upgrade goes wrong.
Continue reading “Responsible security releases”