Full Disclosure mailing list archives

Re: GUNINSKI THE SELF-PROMOTER


From: "morning_wood" <se_cur_ity () hotmail com>
Date: Mon, 14 Jul 2003 10:20:50 -0700

Last year, when Guninski discovered a security hole inside Microsoft's Office XP, he informed the company about his discovery, waited 14 days, then published instructions on how it could be exploited.

Not enough time

Microsoft said that wasn't enough time to issue a patch. And, frustrated with the entire full-disclosure principle, it began using such situations to bolster arguments that the entire bug-reporting system needs an overhaul

I think an email acknowledging the person would probably keep most from publishing, generally that is where the frustration lies, not in a fast patch, but a simple "thank you" or "could you help us" "thank you, we will see to it we mention you for bringing this to our attention" ... it's not like we want $1,000,000. Some of us compete in an employment market wrought with book educated admins making 6 figure incomes, and we are digging out their mistakes. Just because someone doesn't look good on a resume doesn't mean they should not be highly sought after. I personally would be proud to have Mr Guninski, or Mitnick and any of the others on my payroll any day

Donnie Werner
http://nothackers.org/about.php



