Full Disclosure mailing list archives
Re: Rate Stratfor's Incident Response
From: Sanguinarious Rose <SanguineRose () OccultusTerra com>
Date: Sat, 14 Jan 2012 08:33:13 -0700
I've been watching this chat for a while and I have to say a lot of views here do not impress me and are in fact why I will never report a vulnerability if I found one. Why would I want to even risk getting arrested and/or FBI trouble from observing a security flaw? My policy on finding them is to quietly just move along. I'm sure I am not the only one that does this or comes to such a conclusion of whether it is even worth the trouble.

I like how the assumptions are always this person is horrible and bad for having found a security flaw, he must not be trusted and treated like a criminal. Why would he even be reporting it to begin with if his goal is abusing the security flaw? After all, the audacity of this dangerous cyber criminal took the time to tell you about the flaw in an email and should be punished for their indiscretion of reporting it.

The analogy of a house is a very, very bad one. Do you expect thousands of people to be walking around your house akin to viewing the website? A more appropriate one would be a public store with doors that happen to be unlocked to completely open.

"If it's not broken don't fix it" is the classical saying of many individuals and sadly even more apply it to security. Even reporting the flaw in some cases results not in fixing it but in legal troubles for the person reporting it. You would think they might want to fix it after being informed about it, right? After all, if it works why fix it? Why not silence that bad apple that found the flaw and no one else will know, kinda like daddy's little secret.

In conclusion, I don't care to report anything and why is perfectly illustrated by some of the replies to this discussion and the above is why.

Flaming Welcome :)