Full Disclosure mailing list archives

openssl exploit code

From: Ken () infosec101 org (Ken Pfeil)
Date: Tue, 17 Sep 2002 13:04:51 -0400

Original link:

http://www2.computer-zeitung.de/cz/aktuell/artikel/artikel.1027685895.23234.
html (Can't find it now)

Google's cache (wrapped):

http://216.239.39.100/search?q=cache:LTgFtuQJ2SgC:www2.computer-zeitung.de/c
z/aktuell/artikel/artikel.1027685895.23234.html+Bugtraq+wird+den+Industrieno
rmen+f%C3%BCr+Security-Ver%C3%B6ffentlichungen&hl=en&ie=UTF-8

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com]On Behalf Of Florian
Weimer
Sent: Tuesday, September 17, 2002 11:22 AM
To: hellNbak
Cc: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] openssl exploit code


hellNbak <hellnbak () nmrc org> writes:

Source?  URL?  Article?  I personally would be very surprised if this
happened.  But stranger things have happened.


I've got the following quote from Computerzeitung, but no direct URL:

| Bugtraq wird den Industrienormen für Security-Veröffentlichungen
| folgen, wie es das heute bereits tut. Es gibt immer Verzögerungen,
| sogar bei Bugtraq: Die Sicherheitslücke muss verifiziert und der
| Hersteller alarmiert werden. Typischerweise räumt man ihm immer eine
| Gefälligkeitszeit ein, um einen Patch zu entwickeln. Diesen Standard
| werden wir beibehalten.

John Schwarz, Chief Operating Office, Symantec.

Approximate translation:

Bugtraq will follow the industry norms for security disclosures, like
it does now.  There are always delays, even with Bugtraq: A security
vulnerability has to be verified, and the vendor has to be alarmed.
Typically, the vendor gets a grace period to develop a patch.  We will
keep this standard.

(Sorry, English isn't my native tongue.)

--
Florian Weimer                          Weimer () CERT Uni-Stuttgart DE
University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT                          fax +49-711-685-5898
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

openssl exploit code Solar Eclipse (Sep 16)
- openssl exploit code hellNbak (Sep 16)
  - openssl exploit code Solar Eclipse (Sep 16)
    - openssl exploit code hellNbak (Sep 16)
    - openssl exploit code Solar Eclipse (Sep 16)
    - openssl exploit code Blue Boar (Sep 16)
    - openssl exploit code Florian Weimer (Sep 17)
    - openssl exploit code hellNbak (Sep 17)
    - openssl exploit code Florian Weimer (Sep 17)
    - openssl exploit code Isaak Bloodlore (Sep 17)
    - openssl exploit code Ken Pfeil (Sep 17)
    - openssl exploit code Jonathan Rickman (Sep 17)
    - openssl exploit code hellNbak (Sep 17)
    - openssl exploit code Georgi Guninski (Sep 17)
    - openssl exploit code Isaak Bloodlore (Sep 17)
- openssl exploit code Charles Stevenson (Sep 16)
  - openssl exploit code hellNbak (Sep 16)
- <Possible follow-ups>
- openssl exploit code Arjen De Landgraaf (Sep 16)
- openssl exploit code Arjen De Landgraaf (Sep 17)