Brand name software bugs with flashy public relations campaigns are commonplace since the Heartbleed vulnerability was announced in 2014 with a media-friendly name, logo, and web site. But another bug is on the horizon that is setting a new bar for brand-name bug disclosures. It’s called Badlock, and it’s already receiving a lot of controversial attention, even though the exact nature of the bug-and most importantly, the patches to fix it-won’t be disclosed for another three weeks.
The bug affects unknown versions of the Windows operating system and Samba, free open-source software that integrates Linux or Unix servers and Windows computers across a network. A pre-patch marketing campaign about the security hole includes a web site and logo that SerNet, the German company behind the bug discovery, says is meant to inform system administrators that patches are coming on April 12, so they can prepare to update systems that day.
