Dailydave mailing list archives

Re: Subject: Re: How Apple orchestrated web attack on (Bow Sineath)


From: "Adriel T. Desautels" <adriel () netragard com>
Date: Wed, 21 Mar 2007 13:59:22 -0400

IMHO, most vendors won't dare threaten any legal action if you have a
solid bug release/advisory methodology in place. Doing so would make them
look like they were trying to quash your research.

When we (SNOsoft) were working with HP back in early 2000 they threatened
legal action in an attempt to do just that, quash our research. Look at how
it backfired. A lot of people felt that HP cared more about quashing
security research than they did protecting their customers. That's a message
that companies are trying to avoid sending these days.

Granted, certain companies are still more difficult to work with than
others, but if your methodology for release is well built then you won't be
giving them a legal leg to stand on. You're just doing the right thing.

If not releasing bug information results in bugs left unchecked, then you
are doing an injustice to the I.T. Community, that's how I feel at least.


On 3/21/07 10:00 AM, "johnny cache" <johnycsh () gmail com> wrote:

You have totally missed the point of my mail. Everyone in this
wireless cock-up handled it wrong. Dave and Co did it for the media,

Actually, you know why we did a Mac and not Windows? Because at the time
of the presentation Dave had recently left ISS (under good terms) to pursue
an offer at SecureWorks. Since Dave did lots of Windows kernel level work at
ISS, it seemed like the easiest way to avoid even the impression of
impropriety on his part was to do something he wasn't exposed to while
employed at ISS. Not doing Windows was the simplest solution.

In short, we did it to avoid any legal pressure.

Hindsight is always 20/20, isn't it?

And if anyone is curious, I agree completely with Bow when he says he simply
doesn't bother reporting bugs any more. The only company I really trust not to
do anything really unethical is Microsoft.  <cue the
microsoft-funds-everything-that-makes-apple-look-bad conspiracy
theorists.>
-jc
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

-- 

Regards, 
    Adriel T. Desautels
    Chief Technology Officer - Netragard, LLC
    Office: 617-934-0269 || Mobile : 857-636-8882
    http://www.linkedin.com/pub/1/118/a45
    http://www.netragard.com
    -------------------------
    "We make IT secure."

