Re: oracle not only offeder - researchers NOT responsible?

[RLVaughn <Randy_Vaughn () baylor edu>]

Gadi Evron wrote:
> The following is a very well researched text from Matthew Murphy's blog
> discussing the matter of disclosing vulnerabilities to many vendors (and
> specifically Microsoft). Further, as I understand it, he shows how
> vendors today use terms such as "responsible disclosure" to scare
> researchers and claim they are NOT responsible if they don't do it their
> way.
>
> While I certainly did not dispute the facts that David Litchfield showed
> of Oracle's behaviour, I did not agree with how he did it or that Oracle
> is alone.
>
> Oracle is not the only offender, and while I agree that Microsoft has
> come a LONG way and takes security a whole lot more seriously than they
> used to.. they still seem to not understand the security community and
> treat security as a PR problem.
>
> He shows specific cases and vulnerabilities, and is worth a read. Quite
> Refreshing and very informative.
>
> http://blogs.securiteam.com/index.php/archives/133
>
>     Gadi.
>
>
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.

MY NAME IS MR.ZIMMER JONES, PERSONAL ASSISTANT TO MR CONRAD BLACK.THE
MEDIA TYCOON,CHAIRMAN/CEO OF HOLLINGER INTERNATIONAL

Oops! Sorry, wrong mailing.  My mail client must be messed up as I
keep getting this mail from Gadi over and over again.


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.