Full Disclosure mailing list archives
Re: Vuln Disclosure summarized (TTBOMA)
From: Thierry Zoller <Thierry () Zoller lu>
Date: Thu, 29 Apr 2010 10:17:22 +0200
Hello,

You're missing legislative circumstances in your thoughts:
- Releasing at a conference => Probable court time.
Under what legislation would that potentially be the case?
- Keeping it to yourself => Working under the assumption that you're the only one that has found that same bug is still semi relevant due to the incredibly small size of the exploit dev community. However, as Dave said, they'll be toasting to their sleeping dead 0days some day.
Under the jurisdiction I personally am under I am responsible if I DON'T disclose vulnerabilities (to the vendor) - this includes potential damages should the vulnerability be used. This is the law over here if you have the PSF statute.

--
http://blog.zoller.lu
Thierry Zoller

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/