it's all about timing

[full-disclosure () lists netsys com (Schmehl, Paul L)]

Ask yourself this question.....how many weeks of advance notice to the
vendors will it take to make you lawsuit-proof?

If you're at all intelligent, you'll realize there's no right answer to
that question.  It depends on how pissed the vendor is, how much cash
they have laying around, how much work their lawyers have, how much the
publicity hurts, etc., etc., etc.

It would be nice, in a perfect world, to have everyone adapt rfp's
disclosure guidelines, but it ain't gonna happen.  Not in this world.
And do you really think a hacker in, say the Netherlands, gives a rats
ass about a lawsuit in America?  (Or vice versa?)

Paul Schmehl (pauls () utdallas edu)
Supervisor of Support Services
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/


> -----Original Message-----
> From: Florin Andrei [mailto:florin () sgi com] 
> Sent: Wednesday, July 31, 2002 4:27 PM
> To: bugtraq () securityfocus com
> Cc: full-disclosure () lists netsys com
> Subject: [Full-disclosure] it's all about timing
>
>
> (i'm going to go a little bit further from the HP/Snosoft 
> case, so don't be surprised if some of the statements below 
> do not fit 100% in that
> case)