Bugtraq mailing list archives
RE: Can we afford full disclosure of security holes?
From: rms () privacyfoundation org (Richard M. Smith)
Date: Fri, 10 Aug 2001 15:32:53 -0400
I've probably found a dozen or so security holes in Microsoft products. Many of these problems were reported on the BugTraq list without full disclosure. How come so few people have ever approached me for the full details? I guess I don't see the same level of demand for full-disclosure as you do.

However, one thing is now crystal clear with Code Red: full-disclosure comes with one hell of a price tag. There has to be a better way.

Richard

-----Original Message-----
From: aleph1 () securityfocus com [mailto:aleph1 () securityfocus com]
Sent: Friday, August 10, 2001 3:24 PM
To: Richard M. Smith
Cc: bugtraq () securityfocus com
Subject: Re: Can we afford full disclosure of security holes?

* Richard M. Smith (rms () privacyfoundation org) [010810 19:19]:
> For this particular IIS bug, it is all very simple. If you run IIS, download the Microsoft patch! Buffer overflows are a dime a dozen. Who really cares about the details of this particular problem other than Microsoft?

Who cares? System administrators, security vendors, researchers, etc. Did you not read my message? All these people need the information.

> Richard

-- 
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum