Full Disclosure mailing list archives
Re: How to Report a Security Vulnerability to Microsoft
From: bkfsec <bkfsec () sdf lonestar org>
Date: Wed, 13 Apr 2005 13:01:19 -0400
Steve Friedl wrote:
I agree with you. I wasn't implying that people shouldn't work with MSFT on disclosures, rather that their attitude had not changed nearly as much as some people seem to think it has.On Wed, Apr 13, 2005 at 10:54:34AM -0400, bkfsec wrote:It doesn't matter how much honey is poured into people's ears (or smoke blown up their asses, if you will), it's the proof that's in the pudding that counts, and the pudding is sour.Even if you decide, for the sake of discussion, that Microsoft sucks, there is still a good reason to work with MSFT on disclosure: the users.
There's also a big difference between should and must. Security researchers should work with vendors to get solutions out responsibly, including Microsoft, but they should not be restricted from publishing their findings if a vendor just wants to sweep things under a rug.
-Barry _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: How to Report a Security VulnerabilitytoMicrosoft, (continued)
- Re: How to Report a Security VulnerabilitytoMicrosoft Valdis . Kletnieks (Apr 12)
- Re: How to Report a Security VulnerabilitytoMicrosoft Georgi Guninski (Apr 12)
- Re: How to Report a Security VulnerabilitytoMicrosoft mcbain (Apr 12)
- Re: How to Report a Security VulnerabilitytoMicrosoft dk (Apr 12)
- Re: How to Report a Security VulnerabilitytoMicrosoft bkfsec (Apr 13)
- Re: How to Report a Security VulnerabilitytoMicrosoft bkfsec (Apr 13)
- Re: How to Report a Security Vulnerability to Microsoft Steve Friedl (Apr 13)
- Re: How to Report a Security Vulnerability to Microsoft Georgi Guninski (Apr 13)
- Re: How to Report a Security Vulnerability to Microsoft Steve Friedl (Apr 13)
- Re: How to Report a Security Vulnerability to Microsoft Danny (Apr 13)
- Re: How to Report a Security Vulnerability to Microsoft bkfsec (Apr 13)
- Re: How to Report a Security Vulnerability to Microsoft Steve Friedl (Apr 13)
- Re: How to Report a Security Vulnerability to Microsoft bkfsec (Apr 13)
- Re: How to Report a Security Vulnerability to Microsoft Steve Friedl (Apr 13)
- Re: How to Report a Security VulnerabilitytoMicrosoft dk (Apr 19)
- Re: How to Report a Security VulnerabilitytoMicrosoft Georgi Guninski (Apr 19)