Full Disclosure mailing list archives

Re: Vuln Disclosure summarized (TTBOMA)


From: Thierry Zoller <Thierry () Zoller lu>
Date: Thu, 29 Apr 2010 10:17:22 +0200


Hello,

You're missing legislative circumstances in your thoughts:

- Releasing at a conference => Probable court time.
Under what legislation would that potentially be the case?

- Keeping it to yourself => Working under the assumption that you're the
only one that has found that same bug is still semi relevant due to
the incredibly small size of the exploit dev community. However, as
Dave said, they'll be toasting to their sleeping dead 0days some day.
Under the jurisdiction I personally am under I am responsible if I
DON'T disclose vulnerabilities (to the vendor) - this includes
potential damages should the vulnerability be used. This is the law
over here if you have the PSF statute.


-- 
http://blog.zoller.lu
Thierry Zoller


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

