Penetration Testing mailing list archives

Re: Scanners and unpublished vulnerabilities - Full Disclosure


From: Renaud Deraison <deraison () nessus org>
Date: Wed, 29 May 2002 01:16:06 +0200

On Tue, May 28, 2002 at 12:05:43PM -0600, Alfred Huger wrote:
> In brief they are now unloading limited details to the public about
> vulnerabilities they have notified vendors about.

I'm not surprised - three years ago, I said that would happen[1],
although I was expecting tighter cooperation between producers of
security holes (software vendors) and scanners. 

When antivirus publishers have been accused of _secretly_ funding the
development of new viruses, they have been slammed by everyone. Oddly,
scanning for unknown vulnerabilities seems to be something worth bragging
about.
                                -- Renaud

[1] http://security-archive.merton.ox.ac.uk/bugtraq-199907/0014.html

-- 
Renaud Deraison
The Nessus Project
http://www.nessus.org

