When is a security update made?

4 risposte [Ultimo contenuto]
panties
Offline
Iscritto: 02/02/2021

When is a security update made?
Is it done after an attack has occurred?
In this case, do I understand that an attack means that the data in my Trisquel machine is likely to be stolen?
Or do Trisquel developers fix the possible security holes before they are attacked?
I think it's probably both, but in what other situations would they do a security update?

andyprough
Offline
Iscritto: 02/12/2015

Most security vulnerabilities are found by researchers who are testing for them, or are found based on bug reports. These kinds of vulnerabilities are not already being used in any malware or hacking attack. Trisquel is applying patches to catch these before your computer ever becomes vulnerable to a real attack.

If you see something called a "zero day" attack, that means that the researchers did not discover it until someone was already using it with malware or hacking. That's the bad kind, but those are more rare. When they find a zero day attack, they usually send out a security update quickly, and you would get that in your updates also.

Magic Banana

I am a member!

I am a translator!

Offline
Iscritto: 07/24/2010

The developers of a given program may discover security bugs too.

lanun
Offline
Iscritto: 04/01/2021

True. As well as its many reviewers, in the case of libre software. To be fair, that also somehow applies to open-source software.

panties
Offline
Iscritto: 02/02/2021

Hmm. Well, that's good then.