Penetration Testing mailing list archives
Re: Things to do before vulnerability disclosure
From: nrmaster <nrmaster () gmail com>
Date: Tue, 16 Jun 2009 08:40:11 -0700 (PDT)
In stark contrast to what a black hat would do (publish or more likely sell it on the black market), an ethical security expert ought to try to notify the vendor so that a patch or fix can be incorporated into the next hot fix and distributed to the public before the details of the exploit are widely available. This sort of approach also fortifies our posture as vulnerability researchers rather than security bug searchers. Obviously, any legal or regulatory obligations will depend on your local laws and/or regulations. Cheers -- View this message in context: http://www.nabble.com/Things-to-do-before-vulnerability-disclosure-tp24044921p24057042.html Sent from the Penetration Testing mailing list archive at Nabble.com. ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Re: Things to do before vulnerability disclosure, (continued)
- Re: Things to do before vulnerability disclosure Jeremy Brown (Jun 16)
- Message not available
- Re: Things to do before vulnerability disclosure Jeremy Brown (Jun 17)
- Re: Things to do before vulnerability disclosure Aarón Mizrachi (Jun 17)
- Re: Things to do before vulnerability disclosure Adriel T. Desautels (Jun 17)
- Re: Things to do before vulnerability disclosure Jeffrey Walton (Jun 18)
- Re: Things to do before vulnerability disclosure Adriel T. Desautels (Jun 18)
- RE: Things to do before vulnerability disclosure Nick Vaernhoej (Jun 18)
- RE: Things to do before vulnerability disclosure Paul Melson (Jun 20)
- RE: Things to do before vulnerability disclosure Paul Melson (Jun 17)
- Re: Things to do before vulnerability disclosure Adriel T. Desautels (Jun 18)
- Re: Things to do before vulnerability disclosure Giuseppe Fuggiano (Jun 19)