Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: was this reply relevant, take 2

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Open Discussions

This thread has been marked as locked.
metaed was this reply relevant, take 2
Member 21st Apr, 2010 17:23
Ranking: 1
Posts: 109
User Since: 11th Feb, 2009
System Score: 100%
Location: US
The main problem I have with the "was this reply relevant" feature is that some of the relevant and helpful replies are now being hidden behind the message "This reply has been minimised due to a negative Relevancy Score."

It only takes a few negative votes to quickly hide a reply, and suddenly it is invisible and will get no attention from knowledgeable people who would give it positive votes. In short, a few bad actors or just bad luck can permanently hijack a relevant reply shortly after it is posted.

I read here

http://secunia.com/community/forum/thread/show/382...

that the feature is supposed to "help users find solutions when searching our forum". In my experience it is doing the opposite. It is hiding solutions.

I ran into the effect in this thread:

http://secunia.com/community/forum/thread/show/401...

Cheers, Edward

--
Sometimes they fool you by walking upright.

Anthony Wells RE: was this reply relevant, take 2
Expert Contributor 21st Apr, 2010 18:32
Score: 2434
Posts: 3,317
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 21st Apr, 2010 18:35
Hello Edward ,

Only guessing , but as a "newly" interested party after revisiting the specific thread you link to , I wonder if there is a conflict in this specific case between the "thread" (which is derived directly from a Secunia Advisory) - as we see it here in the Forum and where the input could be "relevant" - and the same posts which are seen as "comments" in the actual Secunia Advisory and might not be relevant to the actual security problem/subject in the SA - the minus 5 points is a heavy hit and looks like it comes from above .

Certainly worth clarifying with Secunia on rules and the necessity of cleaning up "technical" threads for ease of consumption as , say , opposed to relevancy ; notwithstanding , there may well be somewhat arbitrary voting occuring on other threads and which does generate the problem which you mention .

Will be interested to see/hear what you and other members suggest .

Take care
Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+1
-0
metaed RE: was this reply relevant, take 2
Member 21st Apr, 2010 18:40
Score: 1
Posts: 109
User Since: 11th Feb 2009
System Score: 100%
Location: US
I apologize, I am not getting the distinction. It looks to me as if each advisory is also a discussion thread, so there seem to be two ways to find the advisory: via the Forum menu, and via the Advisory menu.

The specific thread I referenced is about a patchable vulnerability. Are you saying readers might consider information about how to get the patch in place and confirm the safety of their system to be not relevant to the vulnerability?

Cheers, Edward

--
Sometimes they fool you by walking upright.
Was this reply relevant?
+0
-0
Anthony Wells RE: was this reply relevant, take 2
Expert Contributor 21st Apr, 2010 19:00
Score: 2434
Posts: 3,317
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 21st Apr, 2010 19:18
As far as I can see , if you add a comment to/under the actual SA , it opens the thread in the Forum with/in what appears to be an edited fashion with the Secunia post first and the fisrt poster second with the same date/time stamp .

So any posts are seen by all/casual readers of the SA (should they scroll down to te comments section) in the same way as those reading them in the Forum looking to handle say a PSI/OSI detection problem , which may not be relevant to the SA in itself .

Like I said , only guessing ; but if , for example , you have a PSI problem that in itself does not have any direct effect on the SA ??

Anthony


--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+1
-0
metaed RE: was this reply relevant, take 2
Member 21st Apr, 2010 22:24
Score: 1
Posts: 109
User Since: 11th Feb 2009
System Score: 100%
Location: US
Yes, it seems there are actually two different Forum categories to which people might address comments on a problem patching a vulnerability.

And PSI invites the user to both places.

One invitation is the insecure program's fourth icon from the left. This one displays online references---the first link takes you directly to the open thread for the advisory (in the Vulnerabilities category).

The other invitation is the insecure program's last icon on the right. As you pointed out, this one takes you to the list of threads for the program, from which you can research or else create a new thread (in the Programs category).

If anything, the Vulnerabilities icon is more inviting for questions and comments on the vulnerability. This is both because it does not come last in the list and because it takes you to a comment box in an already open thread. It is probably the first place that many users end up in their search for information, and it immediately invites them to ask a question or make a comment. This is certainly the way it often works out for me.

If the forum admins are demoting comments made there for posing them in the "wrong" category, I suggest rethinking this workflow. Right now the PSI product is making this very inviting.

The first idea that comes to mind, maybe not the best but a starting point:

Perhaps the advisory page should not invite comments---eliminate the Vulnerabilities forum and instead have the advisory page link to the related Programs forum page.

--
Sometimes they fool you by walking upright.
Was this reply relevant?
+0
-0
This user no longer exists RE: was this reply relevant, take 2
Member 22nd Apr, 2010 09:24
Hi,

@Edward
We take care to avoid abuse of the vote system, but the Vulnerabilities forum is a special case. In here, most replies will be irrelevant, because the usually "on-topic" discussions (ie. how to patch someone) aren't on-topic here. Therefore posting irrelevant posts to the vulnerabilities forum will almost inevitable end in a down-vote.

Forum usage clarification is under progress. It will be made more obvious which forum should be used for what shortly.

Was this reply relevant?
+0
-0
metaed RE: was this reply relevant, take 2
Member 22nd Apr, 2010 16:39
Score: 1
Posts: 109
User Since: 11th Feb 2009
System Score: 100%
Location: US
Thank you, that's helpful to know.

Discussion of a vulnerability is nearly always about whether it is a real problem, what the risks are, and how to secure one's system against it, and that is all on topic in the Programs area. So it seems to me the open thread on the vulnerability page is redundant.

Instead of using points to discourage use of the Vulnerabilities forum, or using a text that says basically "post elsewhere", please just do away with it. Link the advisories to the Programs forum and let all discussion of a program, its vulnerabilities, and the solutions, be in one place.

Cheers, Edward

--
Sometimes they fool you by walking upright.
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability