Full Disclosure mailing list archives
Re: ISS issues bug disclosure guidelines
From: "SynRak" <synrak () hotmail com>
Date: Wed, 4 Dec 2002 16:58:20 -0500
I think a simple solution would be for everyone to give me their 0day code and I will worry about who ends up with it :)

----- Original Message -----
From: "Georgi Guninski" <guninski () guninski com>
To: "Richard M. Smith" <rms () computerbytesman com>
Cc: <full-disclosure () lists netsys com>
Sent: Tuesday, December 03, 2002 5:16 AM
Subject: Re: [Full-disclosure] ISS issues bug disclosure guidelines

lol

Personally don't care about ISS's guidelines. Of course they can do whatever they wish with their 0days.

*My* 0days are another topic. For them I care about applicable laws where I live (and of course as this list shows, there are ways to post quite anonymously).

And this guideline:
http://lists.netsys.com/pipermail/full-disclosure/2002-August/000822.html
Is much more appealing to me.

So after the responsibility rfc got busted, they are fighting at corporate ground, lol?

I am thinking about making entities on my black list (microsoft, securityfocus, mitre, cert) beg for 0days in any form. The idea is making a license agreement/non-disclosure agreement in the publication/code which makes them not eligible to read/use the intellectual property at all. A lawyer said this approach is legal (of course it is difficult to enforce). In addition encoding like ROT13 may be used to prevent them from reverse engineering the IP (cough cough DMCA) :). There are several precedents of high profile code which forbids including in sf's vuln db.

Has anyone tried something like the above or has advice?

Georgi Guninski
http://www.guninski.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html