Full Disclosure mailing list archives

Re: How much time is appropriate for fixing


From: "Gary E. Miller" <gem () rellim com>
Date: Tue, 10 Jul 2012 13:37:01 -0700

Yo Thor!

On Tue, 10 Jul 2012 19:58:16 +0000
"Thor (Hammer of God)" <thor () hammerofgod com> wrote:

> People do not disclose their research to make
> the world a better place.  They do it for recognition or for money.

I would argue there is a 3rd reason.  Self defense.  I and others have
had issues of our servers being attacked by unknown evil doers.  To keep
our servers running we need to reverse engineer the hack and get the
bug fixed or the attack vector blocked.  Until '* Disclosure' in its many
aspects was common it was virtually impossible to get vendors to fix
open holes being actively used by attackers.  Before the public shaming of
'* Disclosure', large companies found denial a very easy and cheap
response to bugs that were killing us.

So in this case recognition is not an issue and money is not an issue
for any non-commercial servers.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97701
        gem () rellim com  Tel:+1(541)382-8588


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
