Full Disclosure mailing list archives
reasonable return on investment; better investments in security [was Re: VUPEN Security Research - Adobe Flash Player RTMP Data Processing Object Confusion (CVE-2013-2555)]
From: coderman <coderman () gmail com>
Date: Sun, 21 Apr 2013 13:29:03 -0700
On Fri, Apr 19, 2013 at 1:26 PM, <paul.szabo () sydney edu au> wrote:
...2012-02-15 - Vulnerability Discovered by VUPEN 2013-03-06 - Vulnerability Exploited At Pwn2Own 2013 and Reported to Adobe...Is a delay of a year before reporting to the vendor, acceptable?
three years or more is better of course! i would not be disappointed with a dozen months, however. alas external factors (especially when licenses are non-exclusive) complicate longevity of weaponized exploits... if you really want to improve security: a) remove all criminal and civil liability for "hacking", computer trespass, and all related activities performed over data networks; establish proactive "shield" legislation to protect and encourage unrestricted security research of any subject on any network. extend to international agreements for blanket protection in all jurisdictions. b) establish lock picking, computing, and hacking curriculum in pre school through grade school with subsidized access to technical resources including mobile, tablet, laptop test equipment, grid/cloud computing on-demand, software defined radios with full receive/transmit, and gigabit internet service or faster. c) organize a program of blue and red teaming challenges for educational and public participation at the district, regional, and national level cultivating expertise and rewarding it with hacking toys, access, and monies. if implemented, i can guarantee a significant and measurable improvement in the security posture of the systems that remain in such an environment. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- reasonable return on investment; better investments in security [was Re: VUPEN Security Research - Adobe Flash Player RTMP Data Processing Object Confusion (CVE-2013-2555)] coderman (Apr 21)