Vulnerability Development mailing list archives
Re: Complicated Disclosure Scenario
From: David Carroll <dcarroll () hgo net>
Date: Thu, 17 Jan 2002 09:19:31 -0500
I think the most important part of the message is that they are not doing thier own investigating. If you don't have the time or tools to do more, and they refuse to, let someone who wants the challenge do it. Let it out, but warn the company that you are going to do so, and give them a bit of time in case they fell like doing something about it then.
Thus spake Josha Bronson:
This is the problem as it sits. If I reach out to "the community" for additional assistance with researching this bug I might as well just send out an advisory. If I release an advisory the vendor will most likely not have a patch ready, they will feel violated and the user base will [...] So, what would you do?
David Carroll System Administrator, HGO Technology www.hgo.net
Current thread:
- Complicated Disclosure Scenario Josha Bronson (Jan 17)
- Re: Complicated Disclosure Scenario terry white (Jan 17)
- RE: Complicated Disclosure Scenario Nathan Anderson (Jan 17)
- Re: Complicated Disclosure Scenario KF (Jan 17)
- Re: Complicated Disclosure Scenario Giurgiu Sergiu (Jan 17)
- Re: Complicated Disclosure Scenario Ryan Permeh (Jan 17)
- Re: Complicated Disclosure Scenario David Carroll (Jan 17)
- Re: Complicated Disclosure Scenario Nick Lange (Jan 17)
- Re: Complicated Disclosure Scenario Bill Weiss (Jan 17)
- Re: Complicated Disclosure Scenario Florian Weimer (Jan 17)
- Re: Complicated Disclosure Scenario Nick Lange (Jan 17)
- Re: Complicated Disclosure Scenario Mariusz Mazur (Jan 17)
- Re: Complicated Disclosure Scenario Dan (Jan 17)
- RE: Complicated Disclosure Scenario Dom De Vitto (Jan 17)
- RE: Complicated Disclosure Scenario Jose Nazario (Jan 17)
- Re: Complicated Disclosure Scenario Jeff Nathan (Jan 17)
- RE: Complicated Disclosure Scenario Jose Nazario (Jan 17)
- Re: Complicated Disclosure Scenario (Summary) Josha Bronson (Jan 19)
(Thread continues...)