|
|
|
|
|
|
by agwa
4443 days ago
|
|
|
That timeline shows that Red Hat knew about Heartbleed exactly 14 minutes before the other distros did. Hardly sounds like a "leg up" to me. The Heartbleed disclosure was kind of botched, but in general things go more smoothly, with all the major distros being informed ahead of time and having time to prepare patches. For example, see the Xen privilege escalation vulnerability in 2012, and the PostgreSQL remote execution vulnerability in 2013. In both cases, Ubuntu was informed ahead of time and had updates ready to roll when the vulnerability was publicly disclosed. |
|
|