Penetration Testing mailing list archives
Re: Things to do before vulnerability disclosure
From: Jeffrey Walton <noloader () gmail com>
Date: Wed, 17 Jun 2009 22:34:59 -0400
The politics of it depend on the situation.
It's really unfortunate that there is no Safe Harbor for legitimate researchers. Jeff On 6/17/09, Adriel T. Desautels <ad_lists () netragard com> wrote:
Vulnerability disclosure is a powerful tool that hackers can use to force otherwise unwilling vendors to fix risks in their technology as opposed to just keeping the risks quiet and keeping customers ignorant. The truth is that without it software would still be very insecure and poorly written. The politics of it depend on the situation. [SNIP]
------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Things to do before vulnerability disclosure Giuseppe Fuggiano (Jun 15)
- Re: Things to do before vulnerability disclosure Geoffrey J Gowey (Jun 15)
- Re: Things to do before vulnerability disclosure Justin Ferguson (Jun 15)
- Re: Things to do before vulnerability disclosure Giuseppe Fuggiano (Jun 16)
- Re: Things to do before vulnerability disclosure Jeremy Brown (Jun 16)
- Message not available
- Re: Things to do before vulnerability disclosure Jeremy Brown (Jun 17)
- Re: Things to do before vulnerability disclosure Aarón Mizrachi (Jun 17)
- Re: Things to do before vulnerability disclosure Adriel T. Desautels (Jun 17)
- Re: Things to do before vulnerability disclosure Jeffrey Walton (Jun 18)
- Re: Things to do before vulnerability disclosure Adriel T. Desautels (Jun 18)
- RE: Things to do before vulnerability disclosure Nick Vaernhoej (Jun 18)
- RE: Things to do before vulnerability disclosure Paul Melson (Jun 20)
- Re: Things to do before vulnerability disclosure Geoffrey J Gowey (Jun 15)
- RE: Things to do before vulnerability disclosure Paul Melson (Jun 17)
- <Possible follow-ups>
- Re: Things to do before vulnerability disclosure noloader (Jun 17)
- Re: Things to do before vulnerability disclosure noloader (Jun 18)
- Re: Things to do before vulnerability disclosure Adriel T. Desautels (Jun 18)