Firewall Wizards mailing list archives
Re: Open Source vs. Closed Source [ was Re: Firewall Throughput ]
From: amanda <amanda () wineasy se>
Date: Fri, 15 Sep 2000 09:36:36 "GMT"
You could always make an anonymous post to bugtraq and attach some exploit code for the script kiddies. That should get the vendors attention. Or at least it will make some other customers complain loudly to the vendor. Just look at how Microsoft reacted to last summers IIS exploit from eEye. For several days they completely ignored it until it turned up on bugtraq. Then they fixed it in a few hours. Amanda. On Thu, 14 Sep 2000, Chris Calabrese wrote:
In almost every case, when I've reported these holes to the vendors, they were ignored. Since I am constrained in my ability to disclose these holes to the general public (for other reasons), the holes are still out there waiting to be exploited. This also matches my experience when I've worked for major software vendors. Security holes generally are only addressed if genuine customers complain about them, if the company's own IT shop complains about them, or if some certification that's needed for a big contract gets rejected because of them.
_______________________________________________ Firewall-wizards mailing list Firewall-wizards () nfr net http://www.nfr.net/mailman/listinfo/firewall-wizards
Current thread:
- Open Source vs. Closed Source [ was Re: Firewall Throughput ] Chris Calabrese (Sep 14)
- RE: Open Source vs. Closed Source [ was Re: Firewall Throughput ] Domenico De Vitto (Sep 16)
- <Possible follow-ups>
- Re: Open Source vs. Closed Source [ was Re: Firewall Throughput ] amanda (Sep 16)
- Re: Open Source vs. Closed Source [ was Re: Firewall Throughput ] Doug Hughes (Sep 18)
- Re: Open Source vs. Closed Source [ was Re: Firewall Throughput ] ark (Sep 20)