Opera Security Patched In Secret

Posted by Zonk
from the on-the-downlow dept.
An anonymous reader writes "Opera 9.10 released in December seemed to be a rather cosmetic update. But as heise Security reports, behind the scenes Opera patched two remote code execution holes — neither of them mentioned in the changelog. In addition, Opera rates an exploitable heap overflow as 'moderate' because it is 'not trivial to exploit it reliably'. From the article: 'JPEG images can be specially prepared to cause a buffer overflow on the heap. Even though Opera suggests in the heading to its security notice that this problem only causes the browser to crash, the flaw can nonetheless be exploited to inject and execute code. Security service provider iDefense, which reported the hole to Opera, has confirmed this. The same holds true for a flawed type conversion in the JavaScript support for Scalable Vector Graphics (SVG). Attackers can specially call the function createSVGTransformFromMatrix to have the browser execute code with the user's rights.'"
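The summary describes a heap overflow triggered by a specially prepared JPEG but gives no detail of Opera's bug. As an added illustration, not code from Opera or from the heise article, the block below shows the kind of bounds check a defender expects in a JPEG header parser: each marker segment declares a 16-bit length that counts its own two length bytes, and a decoder that trusts that number without comparing it to the bytes actually present, or to the capacity of the destination buffer, is in the overflow class the article names. The sample byte arrays are constructed, not real files.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Outcome of walking the marker segments of a JPEG header. */
enum jpeg_check {
    JPEG_OK = 0,
    JPEG_ERR_NOT_JPEG,    /* missing SOI, or a byte where a 0xFF marker prefix was expected */
    JPEG_ERR_BAD_LENGTH,  /* declared segment length smaller than the length field itself */
    JPEG_ERR_TRUNCATED    /* declared segment length runs past the end of the data */
};

/* Validate the segment framing of a JPEG header. Every length-bearing segment
   carries a big-endian 16-bit length that includes the two length bytes but not
   the marker, and the whole segment must lie inside the buffer. Walking stops at
   SOS (0xFFDA) because entropy-coded scan data follows it and is not framed.
   On JPEG_OK, *nseg receives the number of length-bearing segments checked. */
enum jpeg_check jpeg_validate_segments(const uint8_t *buf, size_t len, size_t *nseg)
{
    size_t pos, count = 0;

    if (len < 2 || buf[0] != 0xFF || buf[1] != 0xD8)   /* SOI */
        return JPEG_ERR_NOT_JPEG;

    for (pos = 2;;) {
        uint8_t marker;
        size_t seglen;

        if (pos + 2 > len)
            return JPEG_ERR_TRUNCATED;
        if (buf[pos] != 0xFF)
            return JPEG_ERR_NOT_JPEG;
        marker = buf[pos + 1];

        if (marker == 0xFF) { pos += 1; continue; }            /* fill byte before a marker */
        if (marker == 0xD9) { *nseg = count; return JPEG_OK; }  /* EOI */
        if (marker == 0x01 || (marker >= 0xD0 && marker <= 0xD7)) { /* TEM, RSTn: no length */
            pos += 2;
            continue;
        }

        if (pos + 4 > len)
            return JPEG_ERR_TRUNCATED;
        seglen = ((size_t)buf[pos + 2] << 8) | buf[pos + 3];
        if (seglen < 2)
            return JPEG_ERR_BAD_LENGTH;
        /* The length field starts at pos + 2 and the segment spans seglen bytes from there. */
        if (seglen > len - (pos + 2))
            return JPEG_ERR_TRUNCATED;
        count++;

        if (marker == 0xDA) { *nseg = count; return JPEG_OK; }  /* SOS: scan data follows */
        pos += 2 + seglen;
    }
}

/* Copy the payload of the segment whose marker begins at offset seg into out.
   The copy is bounded by both the input that really exists and the capacity of
   out, which is the check a decoder sizing its heap buffer from the declared
   length alone would be missing. Returns bytes copied, or -1 on any inconsistency. */
long jpeg_copy_segment_payload(const uint8_t *buf, size_t len, size_t seg,
                               uint8_t *out, size_t outcap)
{
    size_t seglen, payload;

    if (seg + 4 > len || buf[seg] != 0xFF)
        return -1;
    seglen = ((size_t)buf[seg + 2] << 8) | buf[seg + 3];
    if (seglen < 2 || seglen > len - (seg + 2))
        return -1;                     /* declared length does not match the real input */
    payload = seglen - 2;
    if (payload > outcap)
        return -1;                     /* would overrun the destination buffer */
    memcpy(out, buf + seg + 4, payload);
    return (long)payload;
}

/* Constructed sample inputs (not real image files). */
static const uint8_t sample_ok[] = {
    0xFF, 0xD8,                         /* SOI */
    0xFF, 0xE0, 0x00, 0x04, 0x4A, 0x46, /* APP0, length 4, payload "JF" */
    0xFF, 0xDA, 0x00, 0x02              /* SOS with an empty parameter block */
};
static const uint8_t sample_oversized[] = {
    0xFF, 0xD8,
    0xFF, 0xE0, 0xFF, 0xFF, 0x00        /* APP0 claims 65535 bytes; only one follows */
};
static const uint8_t sample_short_length[] = {
    0xFF, 0xD8,
    0xFF, 0xE0, 0x00, 0x01              /* length 1 is below the 2-byte minimum */
};

/* Fixed-argument wrappers so each sample yields a single return value. */
int validate_result(const uint8_t *buf, size_t len) { size_t n = 0; return (int)jpeg_validate_segments(buf, len, &n); }
size_t validate_count(const uint8_t *buf, size_t len) { size_t n = 0; jpeg_validate_segments(buf, len, &n); return n; }
long copy_app0_into(size_t outcap) { uint8_t out[8]; return jpeg_copy_segment_payload(sample_ok, sizeof sample_ok, 2, out, outcap < sizeof out ? outcap : sizeof out); }
int copy_app0_matches(void) { uint8_t out[2]; return jpeg_copy_segment_payload(sample_ok, sizeof sample_ok, 2, out, sizeof out) == 2 && out[0] == 0x4A && out[1] == 0x46; }

int main(void)
{
    printf("ok sample: rc=%d segments=%zu\n", validate_result(sample_ok, sizeof sample_ok), validate_count(sample_ok, sizeof sample_ok));
    printf("oversized: rc=%d\n", validate_result(sample_oversized, sizeof sample_oversized));
    printf("short length: rc=%d\n", validate_result(sample_short_length, sizeof sample_short_length));
    printf("copy into 2-byte buffer: %ld, into 1-byte buffer: %ld\n", copy_app0_into(2), copy_app0_into(1));
    return 0;
}
```

The two rejected samples are the cases a fuzzer finds first: a length field that claims far more data than the file holds, and one smaller than the field itself, which underflows to a huge copy size in unsigned arithmetic if subtracted without the check.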


  • patched in secret (Score:5, Insightful)

    by dingDaShan (818817) on Saturday January 06, 2007 @03:43PM (#17490278)
    Why is a secret security patch a problem? Why broadcast security problems (which only invites people to try to exploit the problems)?
  • by Slugster (635830) on Saturday January 06, 2007 @03:48PM (#17490340)
    What's wrong with "security through obscurity" and closed-source code?

    After all, they wouldn't try to make a bad product (or a product that does things you don't like), would they?
    ~
  • by (H)elix1 (231155) <slashdot.helix@nOSPaM.gmail.com> on Saturday January 06, 2007 @03:55PM (#17490420) Homepage Journal
    Why is a secret security patch a problem? Why broadcast security problems (which only invites people to try to exploit the problems)?

    Good question. If I see an upgrade that adds functionality, I might just skip it. More often than not, the latest greatest just adds stuff I don't care about. If it is a security update, it always gets updated. I would potentially be exposed because I might not care about 'new themes', etc.
  • by electrosoccertux (874415) on Saturday January 06, 2007 @04:21PM (#17490690)

    Why is a secret security patch a problem? Why broadcast security problems (which only invites people to try to exploit the problems)?
    Why does a security patch need to be kept secret? Why hide security problems (which have been patched)?

    The least they could do is say "we patched two security holes, but we won't tell you what they are". Doing anything more secret looks immediately suspicious.
  • Why be secretive? (Score:4, Insightful)

    by Rosco P. Coltrane (209368) on Saturday January 06, 2007 @05:05PM (#17491050)
    The truth is, Opera has such a small share of the browser market that it just doesn't matter if the entire world knows about a remote exec hole or not: no cracker or pirate is going to code for such a small fish.

    What's more, by not disclosing vulnerabilities and coding behind the backs of the users, it just makes the development team look like they've acquired their development habits at Microsoft.

    So I'd say Opera loses by hiding this...
  • by kiwioddBall (646813) on Saturday January 06, 2007 @05:56PM (#17491490) Homepage
    I'm sure nearly every downloadable product patches security flaws in secret. Fixing a bug just isn't worth making a big song and dance about in a large number of cases. Secondly, the slashdot article assumes that it is known how to exploit a software bug. It is extremely hard to work out all the possible ways to exploit a software bug. It is a lot easier to just fix the issue.

    The only reason this article was written is because someone actually discovered a security bug that had been fixed but not reported in Opera. This is absolutely no reason to slam Opera. Just because the writer found out about it is no reason at all. You're only hurting Opera because they fix security issues. The same argument could apply to Internet Explorer (spare me any IE flaming please).

    Thirdly, Opera is not the most widely used browser. The fact is that any bug in Opera is not likely to be worth the time to exploit. Any exploit would only have a very remote chance of actually taking place. You have to lure someone to view your specially crafted JPG, and secondly they have to be using Opera to do it. Not very likely.

    In summary, more FUD on Slashdot.
  • dev blogs and such (Score:3, Insightful)

    by XO (250276) <blade.eric@ g m a il.com> on Saturday January 06, 2007 @06:12PM (#17491642) Homepage Journal
    They've certainly made no secret about it in the dev blogs, and other places. I think the problem just lies in a minor disconnect between what the people writing the changelogs see as being important, and what the slashdot people see as important.

    Opera needs better public changelogs, and could use an improved bug tracking system on the public side, but other than that it's a damn fine browser.
  • by causality (777677) on Saturday January 06, 2007 @10:35PM (#17493806)
    First, is it genetically impossible for slashdotters to discuss something without bringing MS into it? Microsoft has nothing to do with this issue, idiot. Second, WTF are you talking about? Since when has Microsoft charged for fixes to IE, moron?
    Relax. As you yourself point out, Microsoft is often mentioned here. Therefore, the Microsoft reference was a well-known, and thus easily-utilized, example. Also, the implied example was along the lines of reasons given for upgrading from Windows 98 to XP, and now from XP to Vista, all of which do cost money. That Microsoft also fixes other software without charge does not invalidate this example, since no claim was made that Microsoft never uses any other tactic. However, if you have some kind of ultra-sensitivity, I suppose you could invent such a claim in your own perception, but in that case why call me the idiot?
