Full Disclosure mailing list archives
HP Full Disclosure Story
From: full-disclosure () lists netsys com (Tamer Sahin)
Date: Sun, 25 Aug 2002 21:02:26 +0300
Hi,

Like Steve has told, I can't expect that I'm responsible from a person who doesn't know anything about me. At this point, the thing that should not be forgotten is the approach to HP. I behaved in an understanding way and wanted to publish this vulnerability without any harm to anyone, but what have they done? They threatened me with likely the terrorist activity that happened on September 11th. I do respect Steve's thoughts, but I cannot know whether Steve thinks the same way as HP, can I? He is a foreigner to me too, and his work for "Mitre" doesn't make him impartial. Also, another thing that shouldn't be missed is that "Dan Grove" (HP Security Response Team Chief) works for "FIRST". Shouldn't a person who works in an organization like FIRST have more common sense?

Before I publish any vulnerabilities I send them to the related company, but things usually don't happen the way you wanted them to. I'd like to mention the replies I had below...

- I don't get any response from the company.
- They respond to the mails but no solutions are suggested. (For example: in our xxx version this problem will be solved. But no release date for that version.)
- They reply with misleading mails saying that the vulnerability can happen theoretically or that there are no vulnerabilities, so as not to have the security announcement published.
- They threaten... (Like HP)

Of course I want to give the solution or the patch for the vulnerability in every security announcement. And I try to announce to bugtraq or vulnwatch if there is any solution provided or a patch released by the company. But I think some of the companies don't deserve more than this in a subject as critical as "security", without changing their approach.

Best Regards;
Tamer Sahin
http://www.securityoffice.net