funsec mailing list archives
Re: Security research vuln pimps
From: der Mouse <mouse () rodents-montreal org>
Date: Mon, 26 Apr 2010 16:47:31 -0400 (EDT)
If you tell the world about a flaw in operational software/hardware, you increase the pool of threat agents that know about it, increase the likelihood they will attack, and increase the chance they will be successful.
True...as far as it goes. Oddly enough, you also increase the pool of people competent to fix the issue, increase the likelihood it will be fixed promptly, and increase the likelihood that workarounds will be deployed in cases where they can be. Which outweighs the other? That depends. But pretending the good effects don't exist makes about as much sense as other people pretending the bad effects don't exist. Neither one matches reality, and taking actions based on beliefs that disagree with reality is not a good way to get the results you want. /~\ The ASCII Mouse \ / Ribbon Campaign X Against HTML mouse () rodents-montreal org / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Security research vuln pimps Hubbard, Dan (Apr 26)
- Re: Security research vuln pimps der Mouse (Apr 26)
- Re: Security research vuln pimps Dave Paris (Apr 26)
- Re: Security research vuln pimps Rich Kulawiec (Apr 26)
- Re: Security research vuln pimps der Mouse (Apr 26)
- Re: Security research vuln pimps Michal Zalewski (Apr 28)
- Re: Security research vuln pimps Jeffrey Walton (Apr 26)
- Re: Security research vuln pimps Peter Kosinar (Apr 26)
- Re: Security research vuln pimps Hubbard, Dan (Apr 26)
- Re: Security research vuln pimps Peter Kosinar (Apr 26)
- Re: Security research vuln pimps der Mouse (Apr 26)