Linus Torvalds has told a Q&A session at Linux.conf.au that he is a huge believer in disclosing security issues publicly.
Sharing the stage with Bdale Garbee, chairman of the Debian technical committee, Samba author Andrew “Tridge” Tridgell, and kernel contributor Rusty Russell, Torvalds said on Friday that security is a hard problem, and it is satisfying to see more public disclosures.
“People are less willing sometimes to brush the problem under the mat, and leave it up to vendors that have disclosures, like infinity long disclosure times,” he said. “I’m a huge believer in just disclosing, still somewhat responsibly, but security problems need to be made public — and there are people who argue, and have argued for decades, that you never want to talk about security problems because that only helps the black hats — and the fact is that I think you absolutely need to report them, and you need to report them in a reasonable time frame.