Penetration Testing mailing list archives
Re: Scanners and unpublished vulnerabilities - Full Disclosure
From: batz <batsy () vapour net>
Date: Wed, 29 May 2002 14:35:09 -0400 (EDT)
On Wed, 29 May 2002, David Litchfield wrote: :This comment (and some which follow) indicate you've missed on of the key :points. When the vendor does release a patch NGSSoftware will follow up with :full details as normal. The VNA is not intended to replace our normally full :advisory - it simply exists as an interim solution to 'help' ensure vendors :release patches in a timely fsahion. Aah, this wasn't clear to me and (evidently) many others. I'm sure it's in there somewhere, but maybe you could emphasize it a bit more? :By putting these checks in Typhon, which we've always done, we buy a week or :two advantage over something like Nessus. Indeed. I don't see how this process is even inconsistent with the full disclosure approach. I have admittedly been more of an advocate than a practitioner of full disclosure, but maybe someone could point out more clearly how this will deprive the underground of its toys? ;) Cheers, -- batz ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- RE: Scanners and unpublished vulnerabilities - Full Disclosure, (continued)
- RE: Scanners and unpublished vulnerabilities - Full Disclosure Marc Maiffret (May 28)
- RE: Scanners and unpublished vulnerabilities - Full Disclosure Deus, Attonbitus (May 28)
- RE: Scanners and unpublished vulnerabilities - Full Disclosure Marc Maiffret (May 28)
- RE: Scanners and unpublished vulnerabilities - Full Disclosure Ryan Russell (May 29)
- Message not available
- RE: Scanners and unpublished vulnerabilities - Full Disclosure Deus, Attonbitus (May 29)
- RE: Scanners and unpublished vulnerabilities - Full Disclosure Marc Maiffret (May 28)
- Re: Scanners and unpublished vulnerabilities - Full Disclosure Brad Mills (May 29)
- Re: Scanners and unpublished vulnerabilities - Full Disclosure David Litchfield (May 29)
- Re: Scanners and unpublished vulnerabilities - Full Disclosure batz (May 29)
- Re: Scanners and unpublished vulnerabilities - Full Disclosure Jon Bull (May 30)
- Re: Scanners and unpublished vulnerabilities - Full Disclosure David Litchfield (May 30)
- Re: Scanners and unpublished vulnerabilities - Full Disclosure hellNbak (May 30)
- Re: Scanners and unpublished vulnerabilities - Full Disclosure J Jacoby (May 31)
- Re: Scanners and unpublished vulnerabilities - Full Disclosure Patrik Birgersson (May 29)