funsec mailing list archives
RE: sendmail vuln advisories (CVE-2006-0058)
From: "Kyle Quest" <Kyle.Quest () networkengines com>
Date: Thu, 23 Mar 2006 11:54:59 -0500
It is indeed hilarious... The only logical explanation is that even though sendmail MTA code is open source the official folks behind it are a business, so they don't want to scare/upset their paying customers with too many details about the vulnerabilities in the advisory. Without the details the vulnerability also seems less significant. It's all about the perception... K. P.S. The main reason for the so called responsible disclosure is that some people just want to make money, others want to be buddies with the vendors (which is often good for their professional careers), and in some cases (if you release the info through your company) you just don't want to be sued. Otherwise, most researchers would come out of the closet and openly support full disclosure. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- RE: sendmail vuln advisories (CVE-2006-0058) Kyle Quest (Mar 23)