Full Disclosure mailing list archives

Re: no more public exploits

From: chris <chris () cr-secure net>
Date: Tue, 27 Apr 2004 13:19:44 -0400

Heres my two cents :-/

Exploit code is better kept private.
Advisories should be public.

Why?

Because exploit code is not easy to write depending on the bug. And Ifor one sure dont want some 'penetration tester' taking my code andplugging it into his automated scanner and collecting the cash. Im farto greedy to watch that happen. Sorry.


NON-Disclosure of Exploit code.
Full-Disclosure of Advisories.

As far as the discussion of sysadmins patching on time or not. All Iwill say is this . . . if they did patch on time there wouldnt be awww.zone-h.org.


- borg (ChrisR-)


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

RE: no more public exploits, (continued)
- RE: no more public exploits Duquette, John (Apr 27)
  - Re: no more public exploits Dave Sherohman (Apr 27)
  - Re: no more public exploits Yabby (Apr 27)
    - Detecting newly added Windows Services (was: no more public exploits) Marcel Krause (Apr 28)
- RE: no more public exploits Douglas Carvalho (Apr 27)
- RE: no more public exploits Ng, Kenneth (US) (Apr 27)
  - Re: no more public exploits Dave Aitel (Apr 27)
    - Re: no more public exploits nicolas vigier (Apr 27)
    - Re: no more public exploits Dave Aitel (Apr 27)
- RE: no more public exploits Ng, Kenneth (US) (Apr 27)
- Re: no more public exploits chris (Apr 27)
  - Re: no more public exploits james (Apr 27)
  - Re: no more public exploits Felipe Cerqueira - skylazart (Apr 28)
    - Re: no more public exploits gcb33 (Apr 28)
- Re: no more public exploits Evgeny Demidov (Apr 28)
  - RE: no more public exploits xavier.poli (Apr 28)
    - Re: no more public exploits Evgeny Demidov (Apr 28)
- no more public exploits Helmut Hauser (Apr 29)