Re[2]: GREENAPPLE Release

[phased <phased () mail ru>]

> > I thought Full Disclosure propagators actually endorsed waiting for a
> > vendor to fix the vulnerability before announcing a security hole..
> > On the other hand what do I know? My hat is black.
>
> Some days I find myself leaning more towards 'responsibility' while most 
> days I recognize that the only way vendors learn is through repeated 
> hard lessons.
Its not your responsibility to do work that they get paid for.

> Consequently I keep my morals flexible as long as people's 
> personal/physical safety is respected and money doesn't change hands 
> when the law may be broken. There's always the golden rule if anyone 
> finds themselves in need of a universal yardstick, though for a company 
> like Microsoft, I do revel in seeing them take it dry. In any case, with 
> all these idiotic laws, who isn't a criminal somewhere? Coming soon via 
> treaty to a theatre near you!

> But I digress... I wasn't rankled by what could be perceived as a 
> 'responsible' disclosure on Dave's part. I'm saying he and his crew sit 
> on stuff and parcel it out when and where it will do the most good for 
> their prestige. It might be good marketing, but I think it's cheesy how 
> long some people sit on things, especially when pains are taken to point 
> out that they've known about it for some time now. A little too 
> Hollywood for my tastes.
We all know most of these lists exist as an advertising media.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html