> AFAIK, most security bugs are never reported to MITRE or Secunia or the
> like. For most "smaller" projects, I would guess that the majority of
> security bugs are fixed in the normal course of development without any
> sort of special advisories, except perhaps in the changelog published by
> upstream.

if it is mentioned at all. Chances are good that projects which do not actively announce security issues won't mention them in the changelogs. Some people really think that fixing security bugs silently is better than the "bad" publicity from an announcement.

--
Bernd Zeimetz <[EMAIL PROTECTED]> <http://bzed.de/>