Premium support customers, as part of their premium support, get their sites patched before we make the public release. This is not something we hold back from the public; they are just done first is all.

Not sure if this is a good policy at all. Just to make more money you are basically putting all other license owners' websites in danger. Hope this will change ASAP.

Once the patch is available, the exploit is wide open on all unpatched installations. Clients who have the need for priority support are more likely to be hacked than the rest of us, so it's in IPS' best interests to get those clients patched before the exploit is publicly known. It wouldn't exactly help improve IPS' reputation if forums like Neowin, any of the NFL forums or Minecraft Forum were hacked because their IT people were unavailable at the time of the announcement (I'm just assuming these have premium support). Several support techs may also be required to get those forums back again, meaning it'll take longer for you to get your support tickets answered.

When a possible security issue is found, it's normal practice to give the developers a set amount of time to release a patch, or wait till the patch is released, before the exploit is publicly available, as can be seen in these timelines:


[21/10/2012] - Vulnerability discovered
[23/10/2012] - Vendor notified
[25/10/2012] - Patch released
[25/10/2012] - CVE number requested
[29/10/2012] - Assigned CVE-2012-5692
[31/10/2012] - Public disclosure


2013/05/02: Advisory sent to IPB
2013/05/02: IPB responded
2013/05/03: Patch has been released
2013/05/03: IPB asked to wait at least a week before publishing advisory to protect their huge community
2013/05/13: Advisory is released

