Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: HP Full Disclosure Story

From: full-disclosure () lists netsys com (Defender Defender)
Date: Sat, 24 Aug 2002 22:09:57 +0000
Just take a look at real world.
When you buy a beer or a car and then find a bug in it, you may disclose 
the bug as you wish. (As bonus, both beer and cars come with > warranties, 
unlike warez).



- We dont talk of simple bugs here. We talk of vulnerabilities.
- Up to the client to select vendors that provide warranty. Free market.


So what makes beer and cars so different than warez?


Not much different. The difference lies in simple bug (that sometimes 
compromise the very functionality of the software), and vulnerability 
(rarely compromises functionality, but could become risk under presence of 
someone capable of exploiting it).



Or are you suggesting that if someone gets poisoned by a single buggy beer, 
they keep quiet for thirty days so the beer maker fix the bug  silently?


In this case, the threat arises from the very act of drinking the beer. 
There is no relation between the disclosure and the threat. Again, we dont 
talk of the same problem.

But I believe you know that (guess you are a brillant person), you just lack 
the honesty of presenting a valid analogy that could make you loose the 
argumentation...



_________________________________________________________________
Join the world’s largest e-mail service with MSN Hotmail. 
http://www.hotmail.com
Previous By Date Next
Previous By Thread Next

Current thread: