Full Disclosure mailing list archives
Re: Publicly Disclosing A Vulnerability
From: Valdis.Kletnieks () vt edu
Date: Wed, 05 Oct 2005 11:24:17 -0400
On Wed, 05 Oct 2005 08:17:41 PDT, Steve Friedl said:
Your customer still has to work with the vendor after you're gone, and going public - which I think is a fine idea in general - could sour a relationship that's not yours to sour. Ask the customer what they want to do with this, but if you're covered under NDA (as you surely must be) I'm pretty sure you have to sit on it if they tell you to.
One thing to remember is that the customer has some leverage with the vendor, since they can say "What are you going to do about this problem our contractor found in your stuff? And is your head-in-the-sand attitude indicative of how you intend to deal with *other* problems as well? Should we start considering moving our business elsewhere to another vendor that isn't as coated in ostrich feathers?".....
Attachment:
_bin
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Publicly Disclosing A Vulnerability Josh Perrymon (Oct 05)
- Re: Publicly Disclosing A Vulnerability xyberpix (Oct 05)
- Re: Publicly Disclosing A Vulnerability c0ntex (Oct 05)
- Re: Publicly Disclosing A Vulnerability phased (Oct 05)
- Re: Publicly Disclosing A Vulnerability Steve Friedl (Oct 05)
- Re: Publicly Disclosing A Vulnerability Valdis . Kletnieks (Oct 05)
- Re: Publicly Disclosing A Vulnerability Donald J. Ankney (Oct 05)
- Re: Publicly Disclosing A Vulnerability Simon Richter (Oct 05)
- Re: Publicly Disclosing A Vulnerability Martijn Lievaart (Oct 05)
- RE: Publicly Disclosing A Vulnerability Paul Melson (Oct 05)
- RE: Publicly Disclosing A Vulnerability Adriel Desautels (Oct 05)
- <Possible follow-ups>
- RE: Publicly Disclosing A Vulnerability Todd Towles (Oct 05)
- Re: Publicly Disclosing A Vulnerability FX (Oct 05)
- RE: Publicly Disclosing A Vulnerability Josh Perrymon (Oct 05)