Penetration Testing mailing list archives

Re: Things to do before vulnerability disclosure


From: Jeremy Brown <0xjbrown41 () gmail com>
Date: Tue, 16 Jun 2009 17:24:36 -0400

That was an awfully strong "could", some (me) would even take it as
"actually". Maybe you should use words and write sentences with more
character than FUD.

On Tue, Jun 16, 2009 at 4:10 PM, Giuseppe Fuggiano <giuseppe.fuggiano () gmail com> wrote:
> 2009/6/16 Jeremy Brown <0xjbrown41 () gmail com>:
>> Is that the same principle as speaking implies you know what you're
>> talking about? There are many other ways to find bugs, even finding
>> them by accident. Reverse engineering is only one of them. To say that
>> finding bugs in software implies the researcher disassembled the
>> binary is ridiculous.
>
> You should read again and more carefully what I wrote.
>
> "Finding a bug _and_writing_an_exploit_ *could* imply disassembly/debugging
> proprietary code."
>
> There's NOTHING ridiculous in that statement.
>
> Try to understand the meaning of what you're reading more deeply than
> you actually do.
>
> Thanks for your reply.
>
> --
> Giuseppe

