Full Disclosure mailing list archives
Re: Epic Games threatens to sue security researchers
From: "Rick Updegrove \(security\)" <security () updegrove net>
Date: Tue, 11 Feb 2003 15:17:31 -0800
----- Original Message ----- From: "Georgi Guninski" <guninski () guninski com> To: "Thor Larholm" <thor () pivx com> Cc: <full-disclosure () lists netsys com> Sent: Tuesday, February 11, 2003 1:54 PM Subject: Re: [Full-disclosure] Epic Games threatens to sue security researchers
I am not aware of such industry standards. The proposed RFC was not approved by the IETF?
I have heard a lot of "loose talk" about lawyers getting involved in regards to "responsible handling" of security advisories. I would like to take this opportunity to remind the money grubbing software vendors that such actions will only further "piss off" the people who are only trying to help make the Internet a "kinder, gentler place". As a consumer of these products I ask you to not piss them off any further. Soon, nobody will inform you first. I suspect that they will simply use stolen yahoo, hotmail and AOL accounts to send advisories and exploit code directly to full-disclosure () lists netsys com bypassing your arrogant and apathetic security () bigsoftware com addresses altogether. Speaking of "responsible handling" of security advisories: I think 1 day (24 hours) before an "informative reply - what they plan to do about it" from a vendor (a human being, not an autoresponder) is a *responsibility* of the software vendor. Then, a week (168 hours) before posting the information to full-disclosure () lists netsys com is fair*. *Unless the vendor and author work something else out. Moreover, PivX Solutions self-imposed 90 days (2,160 hours) was *extremely generous*. I have to tell you that I am a little puzzled, and somewhat miffed at PivX for not telling us avid UT players sooner! It really bothers me that for 90 days I have been "wide open" and Epic Games did absolutely nothing about it? Hey Mark Rein, I want a refund and an apology! _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Epic Games threatens to sue security researchers Thor Larholm (Feb 11)
- Re: Epic Games threatens to sue security researchers Georgi Guninski (Feb 11)
- Re: Epic Games threatens to sue security researchers Rick Updegrove (security) (Feb 11)
- <Possible follow-ups>
- Fw: Epic Games threatens to sue security researchers Thor Larholm (Feb 11)