Full Disclosure mailing list archives
Re: Where are you guys standing re: the (full) disclosure
From: Pedro Luis Karrasquillo <peter_toyota () hotmail com>
Date: Sat, 14 Dec 2013 17:37:02 -0400
All right. After I chatted with a MS rep (I posted the transcript of the short conversation elsewhere in the thread), I got a response in the list from secure()microsoft. I sent the details to secure()microsoft of the bug and the mitigation steps. Again, I am glad to read the variety of opinions on this issue. Hopefully the bug will be confirmed/fixed in a reasonable time and I will share the details with you once I get MS's take on it.
Date: Fri, 13 Dec 2013 12:32:16 -0600
From: envygeeks () gmail com
To: gary () baribault net
CC: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] Where are you guys standing re: the (full) disclosure

On Fri, Dec 13, 2013 at 12:15 PM, Gary Baribault <gary () baribault net> wrote:
> Of course, all software companies would love for the disclosure to wait for the fix to be released, and often, if the delay is considered reasonable by the hacker in question who found the bug, then that's what happens. I think it's only in the case where the company considers the bug to be minor or nonexistent, and they are asking for a ridiculous delay that many hackers will say, 'tough luck I'm disclosing on xx' and he takes his chances that most of us agree with his decision. As Mikhail said, if the hacker came across the bug without any illegal means then he should be fine after the release (but IANAL).

To add, in cases where people do release security updates even if a fix is pending it's most of the time not to do with the timeline and more to do with the fact that the entity with the problem is trying to silence the "hacker" to prevent embarrassment. At least from what I've noticed and experienced.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/