oss-sec mailing list archives

Re: Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser


From: Dave Horsfall <dave () horsfall org>
Date: Sun, 26 Jul 2015 07:55:54 +1000 (EST)

On Sat, 25 Jul 2015, Leif Nixon wrote:

> What many people don't seem to realize is how much the availability of
> ready-to-run exploits increases the risk to innocent bystanders.

Although a supporter of full disclosure (it was the only way to get MS to 
fix their egregious bugs), I'd be really pissed off if I woke up one 
morning to find my system r00ted because some idiot got his jollies by 
announcing the exploit at the same time as the patch.

What would be a reasonable interval (for some definition of "reasonable") 
in that case?  24 hours?  48 hours?  0 hours?

I seem to recall that we had this discussion a few years ago...

-- 
Dave Horsfall DTM (VK2KFU)  "Those who don't understand security will suffer"
Watson never said "I think there is a world market for maybe five computers."

