* Jasper Filon:

> Well, obviously it is not a _security_ bug, since it has nothing to do
> with security.

Availability is typically considered one aspect of security (and arguably the hardest one to get right in networked applications). For example, here's a quote from FIPS 199:

| Security Objectives
|
| The FISMA defines three security objectives for information and
| information systems:
|
| CONFIDENTIALITY
|
| "Preserving authorized restrictions on information access and
| disclosure, including means for protecting personal privacy and
| proprietary information..." [44 U.S.C., Sec. 3542]
|
| A loss of confidentiality is the unauthorized disclosure of information.
|
| INTEGRITY
|
| "Guarding against improper information modification or destruction,
| and includes ensuring information non-repudiation and authenticity..."
| [44 U.S.C., Sec. 3542]
|
| A loss of integrity is the unauthorized modification or destruction of
| information.
|
| AVAILABILITY
|
| "Ensuring timely and reliable access to and use of information..." [44
| U.S.C., SEC. 3542]
|
| A loss of availability is the disruption of access to or use of
| information or an information system.

As far as I know, these definitions are widely accepted and guide most vendor security efforts. Maybe the example I gave is not a security bug, but I think you need a more convincing argument than "it's just a crash".