Dailydave mailing list archives
Re: Subject: Re: How Apple orchestrated web attack on (Bow Sineath)
From: "Adriel T. Desautels" <adriel () netragard com>
Date: Wed, 21 Mar 2007 13:59:22 -0400
IMHO, these days most vendors won't dare threaten any legal action if you have a solid bug release/advisory methodology in place. Doing so would make them look like they were trying to quash your research. When we (SNOsoft) were working with HP back in early 2000 they threatened legal action in an attempt to do just that, quash our research. Look at how it backfired. A lot of people felt that HP cared more about quashing security research than they did protecting their customers. That's a message that companies are trying to avoid sending these days.

Granted, certain companies are still more difficult to work with than others, but if your methodology for release is well built then you won't be giving them a legal leg to stand on. You're just doing the right thing. If not releasing bug information results in bugs left unchecked, then you are doing an injustice to the I.T. Community, that's how I feel at least.

On 3/21/07 10:00 AM, "johnny cache" <johnycsh () gmail com> wrote:
You have totally missed the point of my mail. Everyone in this wireless cock-up handled it wrong. Dave and Co did it for the media,

Actually, you know why we did a Mac and not Windows? Because at the time of the presentation Dave had recently left ISS (under good terms) to pursue an offer at SecureWorks. Since Dave did lots of Windows kernel level work at ISS, it seemed like the easiest way to avoid even the impression of impropriety on his part was to do something he wasn't exposed to while employed at ISS. Not doing Windows was the simplest solution. In short, we did it to avoid any legal pressure. Hindsight is always 20/20, isn't it?

And if anyone is curious, I agree completely with Bow when he says he simply doesn't bother reporting bugs any more. The only company I really trust not to do anything really unethical is Microsoft.

<cue the microsoft-funds-everything-that-makes-apple-look-bad conspiracy theorists.>

-jc
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
--
Regards,
Adriel T. Desautels
Chief Technology Officer - Netragard, LLC
Office: 617-934-0269 || Mobile: 857-636-8882
http://www.linkedin.com/pub/1/118/a45
http://www.netragard.com
-------------------------
"We make IT secure."