Wednesday, December 17, 2008
Since the vulnerability was fixed and a patch for Solaris is available, I released a detailed security advisory on my website today. The bug was assigned CVE-2008-568. Sun took 471 days to provide a fixed version of its operating system (see Figure 3-7). That’s an unbelievably long time!
Figure 3-7. Timeline from notification of the bug to the release of the fixed operating system