Full Disclosure mailing list archives
RE: [Secure Network Operations, Inc.] Full Disclosure != Exploit Release
From: "Richard M. Smith" <rms () computerbytesman com>
Date: Wed, 29 Jan 2003 16:24:36 -0500
One problem with anyone making private exploits is that they always seem to get leaked, no matter who it is.
I've written at least a dozen proof-of-concept examples for security holes. I've given these examples to vendors and shared them with friends and other security researchers. I'm not aware of any of them being made public. In addition, I serious doubt that any of the examples are of much use to anyone except to the vendor who messed up in the first place. Vendors probably find the bulk of security holes and I seriously doubt many of these problems have proof-of-concept code published for them. OTOH we know that public proof-of-concept examples are going to get into the wrong hands. Richard _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: RE : RE : [Secure Network Operations, Inc.] FullDisclosure != Exploit Release, (continued)
- Re: RE : RE : [Secure Network Operations, Inc.] FullDisclosure != Exploit Release hellNbak (Jan 28)
- Re: RE : RE : [Secure Network Operations, Inc.] FullDisclosure != Exploit Release Ron DuFresne (Jan 29)
- Re: RE : RE : [Secure Network Operations, Inc.] FullDisclosure != Exploit Release hellNbak (Jan 29)
- Re: RE : RE : [Secure Network Operations, Inc.] FullDisclosure != Exploit Release Strategic Reconnaissance Team (Jan 29)
- RE : RE : RE : [Secure Network Operations, Inc.]FullDisclosure != Exploit Release Nicolas Villatte (Jan 29)
- R: [Secure Network Operations, Inc.]FullDisclosure != Exploit Release Andrea Vecchio (Jan 29)
- Re: R: [Secure Network Operations, Inc.]FullDisclosure != Exploit Release Strategic Reconnaissance Team (Jan 29)
- Re: RE : [Secure Network Operations, Inc.] Full Disclosure != Exploit Release Blue Boar (Jan 29)
- Re: RE : [Secure Network Operations, Inc.] Full Disclosure != Exploit Release Strategic Reconnaissance Team (Jan 29)
- Re: RE : [Secure Network Operations, Inc.] Full Disclosure != Exploit Release Blue Boar (Jan 29)
- RE: [Secure Network Operations, Inc.] Full Disclosure != Exploit Release Richard M. Smith (Jan 29)
- RE: [Secure Network Operations, Inc.] Full Disclosure != Exploit Release Day Jay (Jan 29)
- RE: [Secure Network Operations, Inc.] Full Disclosure != Exploit Release Richard M. Smith (Jan 29)
- [Secure Network Operations, Inc.] Full Disclosure Conclusion? ATD (Jan 29)
- Re: [Secure Network Operations, Inc.] Full Disclosure Conclusion? yossarian (Jan 29)
- RE: [Secure Network Operations, Inc.] Full Disclosure != Exploit Release hellNbak (Jan 29)
- Re: [Secure Network Operations, Inc.] Full Disclosure != Exploit Release Blue Boar (Jan 29)
- Re: [Secure Network Operations, Inc.] Full Disclosure != Exploit Release Rick Updegrove (security) (Jan 29)
- RE: RE : [Secure Network Operations, Inc.] FullDisclosure != Exploit Release Geo (Jan 29)
- RE: RE : [Secure Network Operations, Inc.] FullDisclosure != Exploit Release Strategic Reconnaissance Team (Jan 29)