funsec mailing list archives
Re: oracle not only offeder - researchers NOT responsible?
From: RLVaughn <Randy_Vaughn () baylor edu>
Date: Mon, 12 Dec 2005 17:19:40 -0600
Gadi Evron wrote:
The following is a very well researched text from Matthew Murphy's blog discussing the matter of disclosing vulnerabilities to many vendors (and specifically Microsoft). Further, as I understand it, he shows how vendors today use terms such as "responsible disclosure" to scare researchers and claim they are NOT responsible if they don't do it their way. While I certainly did not dispute the facts that David Litchfield showed of Oracle's behaviour, I did not agree with how he did it or that Oracle is alone. Oracle is not the only offender, and while I agree that Microsoft has come a LONG way and takes security a whole lot more seriously than they used to.. they still seem to not understand the security community and treat security as a PR problem. He shows specific cases and vulnerabilities, and is worth a read. Quite Refreshing and very informative. http://blogs.securiteam.com/index.php/archives/133 Gadi. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
MY NAME IS MR.ZIMMER JONES, PERSONAL ASSISTANT TO MR CONRAD BLACK.THE MEDIA TYCOON,CHAIRMAN/CEO OF HOLLINGER INTERNATIONAL Oops! Sorry, wrong mailing. My mail client must be messed up as I keep getting this mail from Gadi over and over again. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- oracle not only offeder - researchers NOT responsible? Gadi Evron (Dec 10)
- Re: oracle not only offeder - researchers NOT responsible? Blue Boar (Dec 10)
- Re: oracle not only offeder - researchers NOT responsible? Gadi Evron (Dec 10)
- Re: oracle not only offeder - researchers NOT responsible? Blue Boar (Dec 10)
- Re: oracle not only offeder - researchers NOT responsible? Gadi Evron (Dec 10)
- Re: oracle not only offeder - researchers NOT responsible? Blue Boar (Dec 10)
- Re: oracle not only offeder - researchers NOT responsible? Gadi Evron (Dec 10)
- Re: oracle not only offeder - researchers NOT responsible? Blue Boar (Dec 10)
- <Possible follow-ups>
- oracle not only offeder - researchers NOT responsible? Gadi Evron (Dec 12)
- oracle not only offeder - researchers NOT responsible? Gadi Evron (Dec 12)
- Re: oracle not only offeder - researchers NOT responsible? RLVaughn (Dec 12)
- Re: oracle not only offeder - researchers NOT responsible? Blue Boar (Dec 12)
- RE: oracle not only offeder - researchers NOT responsible? Aditya Deshmukh (Dec 12)
- Re: oracle not only offeder - researchers NOT responsible? Blue Boar (Dec 13)
- Re: oracle not only offeder - researchers NOT responsible? RLVaughn (Dec 12)