Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: How to Report a Security Vulnerability to Microsoft

From: bkfsec <bkfsec () sdf lonestar org>
Date: Wed, 13 Apr 2005 13:01:19 -0400
Steve Friedl wrote:


On Wed, Apr 13, 2005 at 10:54:34AM -0400, bkfsec wrote:
It doesn't matter how much honey is poured into people's ears (or smoke blown up their asses, if you will), it's the proof that's in the pudding that counts, and the pudding is sour. 

Even if you decide, for the sake of discussion, that Microsoft sucks,
there is still a good reason to work with MSFT on disclosure: the users.
I agree with you. I wasn't implying that people shouldn't work with MSFT on disclosures, rather that their attitude had not changed nearly as much as some people seem to think it has.
There's also a big difference between should and must. Security researchers should work with vendors to get solutions out responsibly, including Microsoft, but they should not be restricted from publishing their findings if a vendor just wants to sweep things under a rug. 

            -Barry


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: