Full Disclosure mailing list archives
Re: Vulnerability Disclosure Debate
From: Jeremiah Cornelius <jeremiah () nur net>
Date: Thu, 7 Aug 2003 11:13:18 -0700
On Thursday 07 August 2003 09:53 am, gridrun wrote:
Vulnerability Disclosure Debate by gridrun on 8/07/03
<SNIP>
In my humble, personal opinion, this step seeks to maximize income of several large security firms, as they would release any detailed information only to paying groups of subscribers... An inherently dangerous plan, and the argumentation behind it is severely flawed.
<SNIP>
Apparently, M$' fix doesnt really fix the problem to its full extent, and in some cases, is believed to leave machines vulnerable to the attack. Again, something which was to be discovered by END USERS loading proof-of-concept exploits and trying them on their own systems. To me, it makes no sense to blindly trust in a software vendor's patch, when it has repeately been shown that software vendor's patches often do not fully provide the anticipated security fixes. Obviously, time has NOT yet come to say goodbye to full disclosure, and doing so would leave end users at the fate of some sotware producers' industry consortium to take care of OUR security - which they have repeatedly shown to be incapable of.
<SNIP> Hallelujah! I believe you! I believe! We all in the Choir, back here on this bench. Write this up in language that moderates invective, cite specific cases and exploits - then publish away! SF needs articles, SysAdmin needs articles... -- Jeremiah Cornelius, CISSP, CCNA, MCSE email: jcorneli () hotmail com "What would be the use of immortality to a person who cannot use well a half hour?" --Ralph Waldo Emerson _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Vulnerability Disclosure Debate gridrun (Aug 07)
- Re: Vulnerability Disclosure Debate Joel R. Helgeson (Aug 07)
- Re: Vulnerability Disclosure Debate Florian Weimer (Aug 07)
- Re: Vulnerability Disclosure Debate Ben Laurie (Aug 13)
- Re: Vulnerability Disclosure Debate Jeremiah Cornelius (Aug 07)
- Re: Vulnerability Disclosure Debate Florian Weimer (Aug 07)
- Re: Vulnerability Disclosure Debate Georgi Guninski (Aug 07)
- Re: Vulnerability Disclosure Debate Geoincidents (Aug 07)
- Re: Vulnerability Disclosure Debate Cesar (Aug 07)
- Re: Vulnerability Disclosure Debate gregh (Aug 07)
- Re: Vulnerability Disclosure Debate Matthew Murphy (Aug 07)
- Re: Vulnerability Disclosure Debate Darren Bennett (Aug 07)
- Re: Vulnerability Disclosure Debate Matthew Murphy (Aug 07)
- RE: Vulnerability Disclosure Debate Jason Coombs (Aug 08)
- RE: Vulnerability Disclosure Debate Mike Fratto (Aug 08)
- Re: Vulnerability Disclosure Debate Darren Bennett (Aug 07)
- Re: Vulnerability Disclosure Debate Joel R. Helgeson (Aug 07)