Firewall Wizards mailing list archives

Re: Open Source vs. Closed Source [ was Re: Firewall Throughput ]


From: amanda <amanda () wineasy se>
Date: Fri, 15 Sep 2000 09:36:36 "GMT"


You could always make an anonymous post to bugtraq and attach some exploit
code for the script kiddies. That should get the vendor's attention. Or at
least it will make some other customers complain loudly to the vendor.

Just look at how Microsoft reacted to last summer's IIS exploit from eEye.
For several days they completely ignored it until it turned up on bugtraq.
Then they fixed it in a few hours.

Amanda.

On Thu, 14 Sep 2000, Chris Calabrese wrote:
In almost every case, when I've reported these holes to the
vendors, they were ignored.  Since I am constrained in my  
ability to disclose these holes to the general public (for 
other reasons), the holes are still out there waiting to be
exploited.
This also matches my experience when I've worked
for major software vendors.  Security holes generally
are only addressed if genuine customers complain  
about them, if the company's own IT shop complains
about them, or if some certification that's needed
for a big contract gets rejected because of them.


_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards

