Silent Circle, an encrypted communications mobile app,
censored vulnerability reports and did not disclose the existence of severe security bugs to their users. This is a very bad practice because users are not aware that they are vulnerable, and cannot decide to stop using Silent Circle until the vulnerabilities are fixed.
Lessons Learned:
- Always inform your users of critical security bugs as soon as possible. Even if they can't fix it themselves, they can always chose not to use the software until it has been updated.
No comments:
Post a Comment