This is the blog of Adam Kalsey. Unusual depth and complexity. Rich, full body with a hint of nutty earthiness.

Security & Privacy

Security notifications

The common practice among security firms is to delay public announcement of vulnerabilities until they’ve notified the software developer first. This lets the software developer get to work on a fix before the information about how to exploit a problem is broadcast to the world.

But for the second time in a week, Secunia has found a vulnerability and released it publicly without bothering to even tell the developers about it. Not only have they not given sufficient time to get a fix ready, but the developers had to find out about the problem through the news reports.

This is an extreme departure from how security companies operate and is a dangerous practice. By publishing vulnerabilities complete with descriptions for accomplishing the exploit, they are providing wannabe crackers with the means to attack systems. Secunia is also causing public alarm without giving the public a way to patch their systems. People see news of the security problem and then go to the vendor looking for a solution, but the vendor just found out about the problem as well and can’t provide a fix. I’ll bet that many of these people forget to later check back for updates and continue to run vulnerable software.

See Flaw found in older Office versions (News.com) and WordPress 1.2.1 (WordPress Dev Blog) for complete stories.
