Full Disclosure mailing list archives
A CALL TO ARMS ON RESPONSIBLE DISCLOSURE
From: Jean Trolleur <sigtstp () gmail com>
Date: Mon, 12 Oct 2009 07:11:30 -0600
Greetin's t'my homeys and colleagues uh Full Disclosho' man:

De days uh "responsible disclosho' man" be now behind us. Fo' years many in de security community been playin' games wid software and hardware vendo's, by attemptin' t'"responsibly" repo't security vulnerabilities. Mo'e often dan not, especially de case wid some select few companies, only one uh de two ssnatchholders involved be actually practicin' nuthin dat resembles responsibility. Slap mah fro!

One majo' vendo' comes t'mind here (Apple, I'm lookin' at ya'). Dis vendo' spends hundreds uh millions uh dollars each year on advertisin' drough various media claimin' deir products is secure, o' at least mo'e secure dan de competishun. When actual vulnerabilities is repo'ted t'Apple, de company may spend down t'a year sittin' on dese befo'e dey is mitigated by security downdates. Compoundin' dis issue be de observashun dat security practices in Apple code be ho'ribly substandard. Even wo'se - due t'de opaque nature uh de company - we gots absolutely no idea if changes is in place t'improve downon dese issues.

All uh dis brin's us t'de inevitable conclusion, dig dis: Responsible disclosho' be only justifiable wid responsible vendo's. If vendo's likes Apple continue t'completely disregard security, dere be no reason fo' any sucka in de community t'play deir game.

Dank ya', and baaaad night. Man!

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/