Penetration Testing mailing list archives
Re: Scanners and unpublished vulnerabilities - Full Disclosure
From: Drew <simonis () myself com>
Date: Tue, 28 May 2002 15:42:00 -0400
Alfred Huger wrote:
Heya all, Most of you who are long-time users of this list know I tend to avoid conversations on-list about full-disclosure. I'm of the opinion it's a religious discussion with little or no merit for debate given that people are unlikely to move from their current position. Having said this, every now and then something does occur within our industry to spur discussion. In this case I came across something which directly impacts the Pen-Testing arena and I would like to throw it out for open discussion. The event in question is a new Vendor Notification Alert Scheme the folks over at NGSSoftware announced yesterday. The announcement can (and should be) read at: http://www.nextgenss.com/news/vna.html
Seems to me like a thinly veiled marketing announcement. Worked, too.

I don't notice anything _too_ radically separated from well-known vulnerability disclosure methods, with the singular exception that they do not make accommodations for a responsive vendor who has not yet released a patch, which is in contrast to the RFPolicy, a well-known disclosure roadmap, and the referenced Christey-Wysopal policy.

I read it as "Buy our scanner and you'll have access to vulnerabilities others don't yet have".

-Ds

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/