Re: Full Disclosure of Security Vulnerabilities

[Joxean Koret <joxeankoret () yahoo es>]

Hi,

Make it public *only* if you're sure you will be free of problems after
it... If it will cause you any kind problem you should ignore it.

Joxean Koret

On mié, 2007-10-31 at 17:00 +0000, jfvanmeter () comcast net wrote:
>  Hello Everyone, I would llike to get your thoughts on Full Disclosure of Security Vulnerabilities . About 3 weeks 
> ago during a per-test of a software suite for a client of myine, I found a directory traversal in a software suite 
> that my client has installed on thousands of workstation. 
>
> I send screen shots and a packet capture to the vendor and they were able to to recreate the exploit.
>
> my cleint doesn't want to go public with it because of the thousands of workstations and servers that its installed 
> on. I also don't believe the vendor will go public with it, what would you all do? 
>
> Best Regards --John
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ------------------------------------------------------------------------

Attachment: signature.asc
Description: This is a digitally signed message part