Security Basics mailing list archives

Re: Cyber attacks "escalating" on irresponsible Tavis Ormandy disclosure


From: fyne_ugo () yahoo com
Date: Tue, 6 Jul 2010 21:14:20 +0000

Vulnerabilities shouldn't be disclosed publicly. It's only hackers that would benefit from them. There should be bodies 
that will follow up and check them.

-----Original Message-----
From: Jeffrey Walton <noloader () gmail com>
Sender: listbounce () securityfocus com
Date: Tue, 6 Jul 2010 14:31:19 
To: Murda<murdamcloud () bigpond com>
Reply-To: noloader () gmail com
Cc: <security-basics () securityfocus com>
Subject: Re: Cyber attacks "escalating" on irresponsible Tavis Ormandy 
        disclosure

Personally, I think that a huge fist of economics may at some point render
some of these points moot. Companies may well not be able to afford to care
about holes...especially when those companies are reliant on over-leveraged
financial systems.
I'd settle for some sort of product liability. It's not hard to imagine
the discovery phase of litigation revealing that a vendor sat on a bug
for years....

On Mon, Jul 5, 2010 at 7:29 PM, Murda <murdamcloud () bigpond com> wrote:
So this seems to boil down to the two arguments (in my mind at least):
"The action of disclosing vulnerabilities may increase the risk of a breach
but may increase the likelihood of the vendor fixing the hole,"

Versus:

"The inaction of not disclosing the vulnerability may decrease the risk of a
breach but does not increase the likelihood of a vendor fixing the hole,"

Does that sound right? Anyone who has the ability to quantify those
arguments in a meaningful manner wins the right to tell me how the stock
market will fluctuate in the next six months...


Perhaps the thread name could (just as justifiably?) be "Cyber Attacks
"escalating" after irresponsible MS not fixing hole".

Personally, I think that a huge fist of economics may at some point render
some of these points moot. Companies may well not be able to afford to care
about holes...especially when those companies are reliant on over-leveraged
financial systems.

[SNIP]
