Penetration Testing mailing list archives

Re: Things to do before vulnerability disclosure


From: "Adriel T. Desautels" <ad_lists () netragard com>
Date: Thu, 18 Jun 2009 09:25:36 -0400

We offer our researchers safe harbor so long as they follow our rules of engagement. That safe harbor is backed by very well-informed counsel, the community, and the media. Simply put, if you're on the right side of the fence doing the right thing, you'll have the support of the "people" and "they" won't.

On Jun 17, 2009, at 10:34 PM, Jeffrey Walton wrote:

The politics of it depend on the situation.
It's really unfortunate that there is no Safe Harbor for legitimate researchers.

Jeff

On 6/17/09, Adriel T. Desautels <ad_lists () netragard com> wrote:
Vulnerability disclosure is a powerful tool that hackers can use to force otherwise unwilling vendors to fix risks in their technology as opposed to just keeping the risks quiet and keeping customers ignorant. The truth is that without it software would still be very insecure and poorly written.
The politics of it depend on the situation.

[SNIP]



        Adriel T. Desautels
        ad_lists () netragard com
        --------------------------------------

        Subscribe to our blog
        http://snosoft.blogspot.com

