Give it to me straight.
Does my boss now know about by BDSM thing? Don't be gentle.
Tumblr today reveal it has fixed a security bug in its website that quietly revealed private details of some of its bloggers. This is quite an interesting bug. The desktop version of Tumblr shows a list of recommended blogs for logged-in users to check out. According to Tumblr, "it was possible, using debugging software in a …
This post has been deleted by its author
However, there is a fear this practice will discourage organizations from looking in the first place, in order to avoid any negative headlines when they publicize their bug discoveries.
That's a false sense of reality. Imagine the turmoil if an unpatched bug hit hard or they gave away (sold) the info like FB did? Oh wait, users didn't bail out en masse so no fear of publicizing bugs then.
Can you imagine the information overload if every Fortune 1000 company automotive manufacturer publicly disclosed every security bug discovered by a penetration test, bug bounty, or an internal audit government safety review or third party tester?
You mean as is expected in other industries? Makes the world a better place.