Penetration Testing mailing list archives
Re: Things to do before vulnerability disclosure
From: Anthony Cicalla <anthony.cicalla () gmail com>
Date: Mon, 15 Jun 2009 18:32:59 -0700
Um, contact the vendor of the product as long as you tested it on your own network or you had permission to test and find the vulnerability on the network or host you found it on. If you contact the vendor 3 times and they do not respond regarding the issue then I have no issue with posting it to full disclosure to bring attention to the issue to force the vendor to resolve it or get their application moved to a not usable software as a result of the vulnerability. But that's just my opinion. Anthony On Mon, Jun 15, 2009 at 11:10 AM, Giuseppe Fuggiano<giuseppe.fuggiano () gmail com> wrote:
Hi list, What are, if any, the legal and "ethical" things to do before someone could publicly disclosure a given vulnerability? -- Giuseppe ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
-- Anthony, ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Re: Things to do before vulnerability disclosure, (continued)
- Message not available
- Re: Things to do before vulnerability disclosure Jeremy Brown (Jun 17)
- Re: Things to do before vulnerability disclosure Aarón Mizrachi (Jun 17)
- Re: Things to do before vulnerability disclosure Adriel T. Desautels (Jun 17)
- Re: Things to do before vulnerability disclosure Jeffrey Walton (Jun 18)
- Re: Things to do before vulnerability disclosure Adriel T. Desautels (Jun 18)
- RE: Things to do before vulnerability disclosure Nick Vaernhoej (Jun 18)
- RE: Things to do before vulnerability disclosure Paul Melson (Jun 20)
- RE: Things to do before vulnerability disclosure Paul Melson (Jun 17)
- Re: Things to do before vulnerability disclosure Adriel T. Desautels (Jun 18)
- Re: Things to do before vulnerability disclosure Giuseppe Fuggiano (Jun 19)