Full Disclosure mailing list archives
Re: 0day Vulnerability in VLC (this is my first release of the vuln anywhere)
From: Tavis Ormandy <taviso () cmpxchg8b com>
Date: Tue, 23 Apr 2013 10:04:32 -0700
Valdis.Kletnieks () vt edu wrote:
On Tue, 23 Apr 2013 09:22:36 -0700, Tavis Ormandy said:Easy and nonsense, I really hope you don't think this is about credit.I mention the credit issue only because some people *have* gotten peeved when they contact a vendor and the vendor issues an advisory that doesn't give them a shout-out. So for at least *some* researchers, the lack of vendor notification *is* about the credits.
Sure, but how does full disclosure solve that? Most vendors refuse to credit researchers who don't play by their rules (which is almost universally tell them and then keep quiet until they give you permission to speak) - so if you're primarily driven by vendor credit, you should not choose full disclosure. Trivializing full disclosure as something people do for "shout outs" then calling it "blackhat" is unfair and inaccurate, but we're used to this from the Scott Culpists ;-) Tavis. -- ------------------------------------- taviso () cmpxchg8b com | pgp encrypted mail preferred ------------------------------------------------------- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: 0day Vulnerability in VLC (this is my first release of the vuln anywhere), (continued)
- Re: 0day Vulnerability in VLC (this is my first release of the vuln anywhere) Georgi Guninski (Apr 23)
- Re: 0day Vulnerability in VLC (this is my first release of the vuln anywhere) Gregory Boddin (Apr 23)
- Re: 0day Vulnerability in VLC (this is my first release of the vuln anywhere) Georgi Guninski (Apr 24)
- Re: 0day Vulnerability in VLC (this is my first release of the vuln anywhere) Valdis . Kletnieks (Apr 23)
- Re: 0day Vulnerability in VLC (this is my first release of the vuln anywhere) Gary Baribault (Apr 23)
- Re: 0day Vulnerability in VLC (this is my first release of the vuln anywhere) Tavis Ormandy (Apr 23)
- Re: 0day Vulnerability in VLC (this is my first release of the vuln anywhere) Valdis . Kletnieks (Apr 23)
- Re: 0day Vulnerability in VLC (this is my first release of the vuln anywhere) Tavis Ormandy (Apr 23)
- Re: 0day Vulnerability in VLC (this is my first release of the vuln anywhere) Georgi Guninski (Apr 23)
- Re: 0day Vulnerability in VLC (this is my first release of the vuln anywhere) Taylor Burke (Apr 23)
- Re: 0day Vulnerability in VLC (this is my first release of the vuln anywhere) Gary Baribault (Apr 23)
- Re: 0day Vulnerability in VLC (this is my first release of the vuln anywhere) Valdis . Kletnieks (Apr 23)
- Re: 0day Vulnerability in VLC (this is my first release of the vuln anywhere) Mark Felder (Apr 23)
- Re: 0day Vulnerability in VLC (this is my first release of the vuln anywhere) Tavis Ormandy (Apr 23)