Full Disclosure mailing list archives
Re: Full Disclosure != Exploit Release
From: "http-equiv () excite com" <http-equiv () malware com>
Date: Wed, 29 Jan 2003 17:07:40 -0000
<!-- Paul Schmehl wrote: On Wed, 2003-01-29 at 06:13, David Howe wrote:
That is of course your choice. Vendors in particular were prone to
deny
a vunerability existed unless exploit code were published to prove
it. I've read this mantra over and over again in these discussions, and a question occurs to me. Can anyone provide a *documented* case where a vendor refused to produce a patch **having been properly notified of a vulnerability** until exploit code was released? --> It is accurate. Even providing the most detailed step-by-step instructions to the vendor can yield a blank stare and a request for working demonstration. Once submitted, the vendor disappears. Thereafter you publish both the detailed step-by-step and the working demonstration because you never hear back from the vendor. Or if you do hear back, it has been determined by them "not to be an issue". Happens all the time. -- http://www.malware.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Full Disclosure != Exploit Release http-equiv () excite com (Jan 29)
- <Possible follow-ups>
- RE: Re: Full Disclosure != Exploit Release John . Airey (Jan 30)
- RE: Re: Full Disclosure != Exploit Release hellNbak (Jan 30)