funsec mailing list archives

RE: sendmail vuln advisories (CVE-2006-0058)


From: "Kyle Quest" <Kyle.Quest () networkengines com>
Date: Thu, 23 Mar 2006 11:54:59 -0500

It is indeed hilarious... The only logical explanation
is that even though sendmail MTA code is open source,
the official folks behind it are a business, so they
don't want to scare/upset their paying customers with
too many details about the vulnerabilities in the
advisory. Without the details, the vulnerability
also seems less significant. It's all about the perception...

K.

P.S.
The main reason for the so-called responsible disclosure
is that some people just want to make money, others want
to be buddies with the vendors (which is often good
for their professional careers), and in some cases
(if you release the info through your company) you
just don't want to be sued. Otherwise, most researchers
would come out of the closet and openly support full disclosure.


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

