Full Disclosure mailing list archives
Re: [Secure Network Operations, Inc.] Full Disclosure != Exploit Release
From: Georgi Guninski <guninski () guninski com>
Date: Wed, 29 Jan 2003 18:48:54 +0200
Personally don't care whether you release exploits or not. But will you use nessus and such? Because someone filled the nessus db imho. Georgi Guninski http://www.guninski.com Strategic Reconnaissance Team wrote:
All,I have been following the subject of full disclosure for a while, and as most of you know, have dealt with some of the issues that full disclosure can cause (HP/Secure Network Operations/DMCA). While the idea of full disclosure is a good idea, and while we support it, we feel that the exploit source code should not be released to everyone. It is possible to prove a vulnerability exists by releasing well written advisories. Because of this fact, proof of concept code (exploit source) is not a requirement for the education of the possibly vulnerable. Releasing non-malicious exploit code is also not an option as any local script bunny/kiddie can easily render it functional. Proof of concept code is useful for legitimate contract based penetration tests. It is also useful for study as it demonstrates fundamental flaws computers today (not built in security). But again, proof of concept code is not for everyone. I am interested in hearing the opinions of the people on this list. If you are for exploit source disclosure, I would like to hear arguments supported by facts, that explain why. I am equally interested inreasons why not to disclose information.With that said, Secure Network Operations, Inc. will no longer be releasing functional proof of concept code. We may release sufficientlydetailed advisories.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: RE : [Secure Network Operations, Inc.] FullDisclosure != Exploit Release, (continued)
- RE: RE : [Secure Network Operations, Inc.] FullDisclosure != Exploit Release Geo (Jan 29)
- RE: RE : [Secure Network Operations, Inc.] FullDisclosure != Exploit Release Strategic Reconnaissance Team (Jan 29)
- Re: [Secure Network Operations, Inc.] Full Disclosure != Exploit Release David Howe (Jan 29)
- Re: Full Disclosure != Exploit Release Paul Schmehl (Jan 29)
- Re: Re: Full Disclosure != Exploit Release hellNbak (Jan 29)
- RE: Re: Full Disclosure != Exploit Release Richard M. Smith (Jan 29)
- Re: Re: Full Disclosure != Exploit Release Georgi Guninski (Jan 29)
- Re: Re: Full Disclosure != Exploit Release KF (Jan 29)
- Re: Re: Full Disclosure != Exploit Release Blue Boar (Jan 29)
- Re: Full Disclosure != Exploit Release Paul Schmehl (Jan 29)
- Re: [Secure Network Operations, Inc.] Full Disclosure != Exploit Release ATD (Jan 29)
- Re: [Secure Network Operations, Inc.] Full Disclosure != Exploit Release Strategic Reconnaissance Team (Jan 29)
- Re: [Secure Network Operations, Inc.] Full Disclosure != Exploit Release Strategic Reconnaissance Team (Jan 29)
- RE: [Secure Network Operations, Inc.] Full Disclosure != Exploit Release Richard M. Smith (Jan 29)
- RE: [Secure Network Operations, Inc.] Full Disclosure != Exploit Release Ron DuFresne (Jan 29)
- Re: [Secure Network Operations, Inc.] Full Disclosure != Exploit Release Kevin Spett (Jan 29)
- Re: [Secure Network Operations, Inc.] Full Disclosure != Exploit Release Day Jay (Jan 29)
- Re: [Secure Network Operations, Inc.] Full Disclosure != Exploit Release hellNbak (Jan 29)
- Re: [Secure Network Operations, Inc.] Full Disclosure != Exploit Release Kevin Spett (Jan 29)