Full Disclosure mailing list archives
Re: Publishing exploit code - what is it good for
From: Lionel <nop () alt net>
Date: Thu, 07 Jul 2005 03:31:15 +1000
Aviram Jenik wrote:
What I need is a security administrator, CSO, IT manager or sys admin that can explain why they find public exploits are good for THEIR organizations. Maybe we can start changing public opinion with regards to full disclosure, and hopefully start with this opinion leader.
Speaking with my sysadmin, netadmin & (sometimes) IT manager hats on, the reason *I* value full-disclosure security reports is simply because of the business politics involved in dealing with security issues at a company level. It's much, *much* easier to convince a CEO/CIO to allocate urgent resources (in both labour & funding) to deal with a *proven* security vulnerability, than to a 'theoretical' security issue.

And another business slant on this is that it's better to be one of millions of organisations being threatened by a well-documented, publicly-known exploit that'll probably be patched by the software vendor or neutralised by the anti-virus companies in a few days, than to be one of a few dozen organisations targeted by professional extortionists with *unreported* vulnerabilities in their toolkit, for which you have zero knowledge, & against which you are helpless.