Penetration Testing mailing list archives
Re: Scanners and unpublished vulnerabilities - Full Disclosure
From: Drew <simonis () myself com>
Date: Wed, 29 May 2002 09:32:44 -0400
| Seems to me like a thinly veiled marketing announcement. Worked, too.
|
| I don't notice anything _too_ radically separated from well known
| vulnerability disclosure methods, with the singular exception that
| they do not make accommodations for a responsive vendor who has not
| yet released a patch, which is in contrast to the RFPolicy, a well
| known disclosure roadmap, and the referenced Christey-Wysopal policy.
|
| I read it as "Buy our scanner and you'll have access to vulnerabilities
| others don't yet have".
|
I couldn't agree more. I personally see it as a ploy touting the fact that their purchasable product will now and then be able to look for some vulnerabilities that other products won't be able to.

And this is wrong how? If David can protect his customers on a pro-active basis and allow them to assess their own risk I can't see how you find fault in it.

My original point was not that this is wrong or right. I wasn't trying to make any value judgments on the merit of this process, but instead on the overall technical value of the announcement. It is rather like my announcement that my name is Drew Simonis, but I've decided to spell it "Drew simonis". (note the lowercase!) I hardly think this would start a rollicking discussion or new group in alt.genealogy.surnames.*

In short, there is nothing of value in the announcement. They are telling us that they are going to follow well known disclosure policies. Isn't that a given for a respectable company? This is why I characterized the announcement as a marketing ploy... for the lack of content, not the value of the content.