Bugtraq mailing list archives
Re: Full Disclosure works, here's proof:
From: cklaus () shadow net (Christopher Klaus)
Date: Fri, 2 Dec 94 12:07:44 EST
Anyways, it has been less than a week and here's SCO patches. If 8LGM had only reported the bugs to CERT and SCO, who knows how long would we have seen the patches? So, tell me, where did the full disclosure take place?
I was using full disclosure in the sense that the problem is reported to the world rather than just a select few organizations. IMO, I don't think you need a no-brainer exploit script with a bug report before it is fully disclosed. Probably enough info would be nice to check if this bug is vulnerable on other OSes since I doubt 8lgm has every machine and OS to test the vulnerabilities they find for a single machine.
We have seen no such fixes with the first batch of immediate full-disclosure 8lgm reports.
Well, that probably reflects the company that supports the OS. If 1 company can get patches out a week after the problems were disclosed world wide but without exploit scripts, and another company still hasn't officially patched security problems that were reported world wide with exploit scripts, then there seems to be something wrong here. And it isn't probably reflecting which method of disclosure works better. That is, with or without exploit scripts, it appears it doesn't make a difference on how a company handles security reports.
--
Christopher William Klaus <cklaus () shadow net> <iss () shadow net>
Internet Security Systems, Inc.
Computer Security Consulting
Penetration Analysis of Networks
2209 Summit Place Drive, Atlanta,GA 30350-2430.
(404)518-0099. Fax: (404)518-0030