Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Publishing exploit code - what is it good for

From: devnull () Rodents Montreal QC CA
Date: Thu, 30 Jun 2005 14:41:23 -0400 (EDT)
[Because of all the broken autoresponders on bugtraq, the header From:
is a bitbucket.  Use the address in the signature to reach me.]


Quote: " If I speak to an end-user organization and they express
legitimate needs for exploit code, then I'll change my opinion."


Well, I'm not an end-user organization, but as an end user[%], the
major benefit I see to full disclosure is that it appears to be close
to the only thing that has any real success at getting vendors to fix
bugs.  (In general.  There certainly are vendors that stay on top of
things without needing the prod of public exploit disclosure.  But they
are notable by their rarity.)

[%] "End user" is not the only hat I wear.  It's just the one I'm
    wearing here.

/~\ The ASCII                           der Mouse
\ / Ribbon Campaign
 X  Against HTML               mouse () rodents montreal qc ca
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: