Full Disclosure mailing list archives
Re: Microsoft Cries Wolf ( again )
From: Peter van den Heuvel <peter () bank-connect com>
Date: Tue, 01 Jul 2003 12:03:36 +0200
The ZDNet article hit the point right on the head. It is irresponsible to leave the vendor uninformed before going public.
I find all these posts on irresponsible behaviour a bit surprising. Driving through a red light is irresponsible, blowing one another's heads out with firearms is irresponsible (and USA citizens seem to be cunningly good at that), and still it happens. The problem is not going away, so face it and learn to live with it best you can.
So, let's make it illegal! Yeah, like that ever solved a problem. It would make more sense to research a bit more into why people do this, how they could be convinced to be more social, and most particularly, how the process of "decent" disclosure could be facilitated. None of the recent attempts of the industry countermeasures look very productive. In the meantime, one can of course fall back to calling the exploit publishers stupid idiots. There are no doubt people who believe that this is effective and will convince the subjects to adopt the opposed position.
May I suggest the "industry" opens up a hall of fame page for hackers who have found exploits, that they commit to a reasonable policy regarding published exploits, that they ask the community what they consider reasonable, that they develop a corporate control and communications structure to deal with such issues in a technically effective way (instead of a legally ineffective way), that they learn to understand how these exploits are unveiled and adopt the technology to scan products before they hit the market, that they start facing the consequences of their behaviour and inadequacy instead of trying to kill the messenger. Ah well, guess not.
Peter
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html