Full Disclosure mailing list archives
Re: Announcing new security mailing list
From: full-disclosure () lists netsys com (Matthew S. Hallacy)
Date: Thu, 11 Jul 2002 12:00:54 -0500
On Thu, Jul 11, 2002 at 09:04:21AM -0700, Blue Boar wrote:
There is no Bugtraq "scheme". The Bugtraq moderator does not hold any posts. The poster gets to decide when his informatino is released. The people who post to Bugtraq as just as able to blindside a vendor as on any other mailing list. The closest thing to what you describe that is offered by SecurityFocus is the vulnhelp service. This is a way for someone who finds a bug to voluntarily dump the hassle of dealing with notifying the vendor and waiting onto the SecurityFOcus staff. Someone who uses vulnhelp still wants to give the vendor advanced notice, they just don't want to do it themselves. If they don't want the vendor to have any warning, they just post to Bugtraq. BB
I disagree, I think my DOCSIS vulnerability posting is a good example of something that should have gone out immediately, but was /never/ posted. ( I ended up taking it to another list) It was valid, the vendors knew, but it was withheld because you deemed it 'malicious'. -- Matthew S. Hallacy FUBAR, LART, BOFH Certified http://www.poptix.net GPG public key 0x01938203
Current thread:
- Re: Announcing new security mailing list, (continued)
- Re: Announcing new security mailing list Marc Slemko (Jul 11)
- Re: Announcing new security mailing list Ron DuFresne (Jul 11)
- Re: Announcing new security mailing list Lupe Christoph (Jul 12)
- Re: Announcing new security mailing list martin f krafft (Jul 13)
- Re: Announcing new security mailing list V K (Jul 13)
- Re:Flares and personal opinions Berend-Jan Wever (Jul 13)
- Re:Flares and personal opinions Nick FitzGerald (Jul 13)
- Re:Flares and personal opinions David Benfell (Jul 14)
- Re: Announcing new security mailing list Marc Slemko (Jul 11)
- Re: Announcing new security mailing list martin f krafft (Jul 13)
- Re: Announcing new security mailing list Ulf H{rnhammar (Jul 13)
- Re: Announcing new security mailing list Blue Boar (Jul 11)
- Re: Announcing new security mailing list Steve (Jul 11)
- Flare Berend-Jan Wever (Jul 11)
- Message not available
- Flare Vanja Hrustic (Jul 12)