Penetration Testing mailing list archives
Re: Full Disclosure of Security Vulnerabilities
From: Joxean Koret <joxeankoret () yahoo es>
Date: Thu, 01 Nov 2007 02:03:10 +0100
Hi,

Make it public *only* if you're sure you will be free of problems after it... If it will cause you any kind of problem you should ignore it.

Joxean Koret

On mié, 2007-10-31 at 17:00 +0000, jfvanmeter () comcast net wrote:
> Hello Everyone,
>
> I would like to get your thoughts on Full Disclosure of Security Vulnerabilities. About 3 weeks ago during a pen-test of a software suite for a client of mine, I found a directory traversal in a software suite that my client has installed on thousands of workstations. I sent screen shots and a packet capture to the vendor and they were able to recreate the exploit.
>
> My client doesn't want to go public with it because of the thousands of workstations and servers that it's installed on. I also don't believe the vendor will go public with it. What would you all do?
>
> Best Regards
> --John