Dailydave mailing list archives

Re: Fwd: [ISN] Security experts hit out at "unethical" bugfinder


From: Isaac Dawson <isaac.dawson () gmail com>
Date: Mon, 14 Mar 2005 21:47:44 -0500

lo all,
One point I would like to make is I've run into vendors who knew about
the issue and did nothing about it. I've actually had them tell me 'Oh
we knew about this problem, I guess we should fix it huh?' Uhm... Yeah
... Let's face it folks, vendors are there to sell you software to make
money, the cheapest and quickest way they can do it is their bottom
line. Of course they're gonna get all in a hissy fit when you find
vulnerabilities (ethics aside) they're upset because it is costing
them $$$. Can we move onto a less beaten dead horse of a topic now? :D.
-isaac



On Mon, 14 Mar 2005 21:28:25 -0500 (EST), Chris Wysopal
<weld () vulnwatch org> wrote:


On Mon, 14 Mar 2005, H D Moore wrote:

Just to clarify, Digital Defense is not a VSC, they are a managed risk
assessment service provider. While they do scan for and report a number
of non-public flaws, the vendors have been notified and either refused
to address the problem or simply did not care.

Sorry about that HD. I meant to type iDefense. I know, how could I get the
2 confused.

-Chris
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave
