Full Disclosure mailing list archives
re: zen-parse () gmx de is not zen-parse () gmx net
From: zen-parse () gmx net (zen-parse)
Date: Mon, 7 Oct 2002 19:54:57 +1300 (NZDT)
Florian Weimer Weimer () CERT Uni-Stuttgart DE wrote:
However, it's highly surprising that the Apache developers call the iDefense approach "reasonable disclosure". Is it reasonable to disclose critical information on new security vulnerabilities to potential but paying blackhats *on* *the* *same* *day* *the* *vendors* *are* *notified*?
In the case of the apache shared memory ownership, I mentioned the issues initially in an email sent Sun, 11 Nov 2001 to the apache security address, and there was some general discussion, but nothing came of it. In general however, I think that any approach that gets the information known is useful. There are definitely many approaches, but any that allows an issue to be disclosed is at least partially good. -- zen-parse -- ------------------------------------------------------------------------- 1) If this message was posted to a public forum by zen-parse () gmx net, it may be redistributed without modification. 2) In any other case the contents of this message is confidential and not to be distributed in any form without express permission from the author.
Current thread:
- zen-parse () gmx de is not zen-parse () gmx net zen-parse (Oct 04)
- zen-parse () gmx de is not zen-parse () gmx net Florian Weimer (Oct 06)
- zen-parse () gmx de is not zen-parse () gmx net daniel.clemens (Oct 06)
- zen-parse () gmx de is not zen-parse () gmx net Ben Laurie (Oct 07)
- zen-parse () gmx de is not zen-parse () gmx net Florian Weimer (Oct 07)
- zen-parse () gmx de is not zen-parse () gmx net Ben Laurie (Oct 07)
- zen-parse () gmx de is not zen-parse () gmx net Florian Weimer (Oct 07)
- zen-parse () gmx de is not zen-parse () gmx net Florian Weimer (Oct 06)
- <Possible follow-ups>
- re: zen-parse () gmx de is not zen-parse () gmx net zen-parse (Oct 06)