Tuesday, June 5, 2007

Critical Alerts in the Blogosphere

Last week, US CERT reported a bug in an out-of-market product - a bug we fixed a number of releases ago.

As I have previously stated, *zero* Authentium customers are affected.

This is an old engine. Product has not shipped with this engine in over a year, and all of the old engines have been swapped out per our normal updating process.

Unfortunately, headlines like "we fixed the bug a year ago" do not sell newspapers - or bring visitors to blogs or security sites. Which is why in virtually every report, you'll inevitably find a "critical alert" headline, then eventually, down the page, the objective truth behind the story.

The guys who write the headlines know what they're doing. With a billion computers humming away every day on the planet and two billion more cell phones plugged into networks, headlines like "critical security alert" are meaningful to everybody. So they get picked up.

The next thing that happens is that more news reports appear propagating the urgent aspect of the story and the story gets picked up and repeated - call it the "Digg factor."

Responding to this is painful. Correcting this bias can take weeks of painstaking presentation. Emotions don't count in this phase of things - this is the grunt work of corporate blogging, and it follows three basic rules: continue to push out the facts (and only the facts), repeat as often as necessary via as many channels as possible, and don't get emotional.

Yes, it's a lot of work. But that said, I wouldn't have it any other way. Third party blogging and free expert commentary are what make the Internet such a valuable place. That some of us have to do an extra blog posting every now and then is a pretty small price to pay.

No comments: