funsec mailing list archives
Re: TippingPoint's 'Zero-Day Initiative' to Publish Unpatched Flaws
From: "Dude VanWinkle" <dudevanwinkle () gmail com>
Date: Tue, 29 Aug 2006 03:04:53 -0400
On 8/28/06, Matthew Murphy <mattmurphy () kc rr com> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Dude VanWinkle wrote: > On 8/28/06, Michal Zalewski <lcamtuf () dione ids pl> wrote: >> On Mon, 28 Aug 2006, Dude VanWinkle wrote: >> >> > "Tipping Point customers have been protected from this flaw since >> x.y.z" >> > Is that extortion? >> >> No. Sorry. >> > > I guess it depends on the vendor and how long they have given them to > patch the issue. > > Still FD of 30 0-days seems odd for a security company that will profit > off it. > > Que Sirah > > -JP This is not "full disclosure" of any of these vulnerabilities. The snippet ferg quoted says there will be a LIST of these issues published, and in fact it has been published: http://www.zerodayinitiative.com/upcoming_advisories.html This is called a "disclosure pipeline". IOW, it names vendors we have cases open with and the length of time those cases have been open. Also included is a self-issued internal severity rating from TippingPoint. There's minimal information actually provided.
whoops! I thought deails were provided sorry! _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- TippingPoint's 'Zero-Day Initiative' to Publish Unpatched Flaws Fergie (Aug 28)
- Re: TippingPoint's 'Zero-Day Initiative' to Publish Unpatched Flaws Dude VanWinkle (Aug 28)
- Re: TippingPoint's 'Zero-Day Initiative' to Publish Unpatched Flaws Michal Zalewski (Aug 28)
- Re: TippingPoint's 'Zero-Day Initiative' to Publish Unpatched Flaws Dude VanWinkle (Aug 28)
- Re: TippingPoint's 'Zero-Day Initiative' to Publish Unpatched Flaws Matthew Murphy (Aug 28)
- Re: TippingPoint's 'Zero-Day Initiative' to Publish Unpatched Flaws Josh Bressers (Aug 28)
- Re: TippingPoint's 'Zero-Day Initiative' to Publish Unpatched Flaws Matthew Murphy (Aug 28)
- Re: TippingPoint's 'Zero-Day Initiative' to Publish Unpatched Flaws Michal Zalewski (Aug 28)
- Re: TippingPoint's 'Zero-Day Initiative' to Publish Unpatched Flaws ric k (Aug 30)
- Re: TippingPoint's 'Zero-Day Initiative' to Publish Unpatched Flaws Michal Zalewski (Aug 28)
- Re: TippingPoint's 'Zero-Day Initiative' to Publish Unpatched Flaws Dude VanWinkle (Aug 29)
- Re: TippingPoint's 'Zero-Day Initiative' to Publish Unpatched Flaws Dude VanWinkle (Aug 28)