Full Disclosure mailing list archives
RE: Websites vulnerabilities disclosure
From: "Adriel Desautels" <adesautels () comcast net>
Date: Fri, 7 Oct 2005 13:10:01 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Greets, If the issue impacts a single person then why does the world need to know? In that case disclosure is pointless and damaging. If however the issue impacts many people some of which you don't know and have no way of contacting, then disclosure is a must as it will protect them in the long run. Don't get the arguments mixed up. Generally speaking, vulnerabilities almost never impact a single person, even web application vulnerabilities. - --> -----Original Message----- - --> From: full-disclosure-bounces () lists grok org uk - --> [mailto:full-disclosure-bounces () lists grok org uk] On - --> Behalf Of Valdis.Kletnieks () vt edu - --> Sent: Friday, October 07, 2005 12:43 PM - --> To: Raghu Chinthoju - --> Cc: full-disclosure () lists grok org uk - --> Subject: Re: [Full-disclosure] Websites vulnerabilities disclosure - --> - --> On Fri, 07 Oct 2005 14:38:34 +0530, Raghu Chinthoju said: - --> > I say, "... hey listen! your house entrance door latch - --> isn't strong - --> > enough.. there are only 4 screws instead 16, which is the - --> practice.. - --> > you have a risk of some one easily barging into your - --> house ...". For - --> > some reason you don't respond.. I publish it in the local - --> news paper - --> > that ".. Mr. X's door latch is week and any one can break - --> it easily - --> > ..." Do you think it is ethical??? I seriously think not. - --> - --> The ethics change somewhat if instead of Mr. X, it's a - --> branch of a bank with many customers, or one of those - --> "You-Store-It" storage facilities, or if it's a medical - --> research lab that works with dangerous pathogens, or - --> anyplace else where it's more than just Mr. X's goods or - --> well-being that's endangered.... - --> - --> -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 Comment: http://www.secnetops.com iQA/AwUBQ0ar6ZNLRT/rHZe1EQLPOgCgvbcqJKz2WX3lpgJczOp3A0fy/QoAoMOe sHmZy9YJ8O2FBZoVmKXs5ay+ =aj61 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Websites vulnerabilities disclosure offtopic (Oct 05)
- Re: Websites vulnerabilities disclosure Javi Polo (Oct 06)
- Re: Websites vulnerabilities disclosure Georgi Guninski (Oct 06)
- Re: Websites vulnerabilities disclosure Stan Bubrouski (Oct 07)
- Re: Websites vulnerabilities disclosure Raghu Chinthoju (Oct 07)
- Re: Websites vulnerabilities disclosure Peer Janssen (Oct 07)
- Re: Websites vulnerabilities disclosure Valdis . Kletnieks (Oct 07)
- RE: Websites vulnerabilities disclosure Adriel Desautels (Oct 07)
- <Possible follow-ups>
- RE: Websites vulnerabilities disclosure offtopic (Oct 06)
- Re: Websites vulnerabilities disclosure Georgi Guninski (Oct 07)
- RE: Websites vulnerabilities disclosure Fielder, Kevin (GE Consumer Finance) (Oct 07)
- Re: Websites vulnerabilities disclosure TheGesus (Oct 07)