Secure Coding mailing list archives
[WEB SECURITY] RE: blog post and open source vulnerabilities to blog about
From: mparsons1980 at gmail.com (Matt Parsons)
Date: Tue, 16 Mar 2010 14:52:04 -0500
I am not suggesting exposing zero days. I only want known vulnerabilities in applications like WebGoat etc that are known to everyone. I don't even plan on naming where each vulnerability comes from but rather instead change the code to protect the innocent. I would never encourage promoting sharing zero days. I hope this clears it up.

Thanks,
Matt

Matt Parsons, MSM, CISSP
315-559-3588 Blackberry
817-294-3789 Home office
"Do Good and Fear No Man"
Fort Worth, Texas
A.K.A The Keyboard Cowboy
mailto:mparsons1980 at gmail.com
http://www.parsonsisconsulting.com
http://www.o2-ounceopen.com/o2-power-users/
http://www.linkedin.com/in/parsonsconsulting
http://parsonsisconsulting.blogspot.com/
http://www.vimeo.com/8939668

From: Arshan Dabirsiaghi [mailto:arshan.dabirsiaghi at aspectsecurity.com]
Sent: Tuesday, March 16, 2010 2:49 PM
To: McGovern, James F. (P+C Technology); Matt Parsons; OWASPDallas at utdallas.edu
Cc: websecurity at webappsec.org; SC-L at securecoding.org
Subject: RE: [WEB SECURITY] RE: [SC-L] blog post and open source vulnerabilities to blog about

I'm not sure Matt was suggesting burning sharing 0days, but if he was, I think he should not be discouraged. I think disclosure preference should be something like a "protected class" within OWASP.

Arshan

From: McGovern, James F. (P+C Technology) [mailto:James.McGovern at thehartford.com]
Sent: Tuesday, March 16, 2010 2:36 PM
To: Matt Parsons; OWASPDallas at utdallas.edu
Cc: websecurity at webappsec.org; SC-L at securecoding.org
Subject: [WEB SECURITY] RE: [SC-L] blog post and open source vulnerabilities to blog about

This doesn't feel like responsible disclosure and is not the way to announce weaknesses in software. It is best to deal with scenarios that have already been addressed.

_____

From: sc-l-bounces at securecoding.org [mailto:sc-l-bounces at securecoding.org] On Behalf Of Matt Parsons
Sent: Tuesday, March 16, 2010 11:41 AM
To: OWASPDallas at utdallas.edu
Cc: websecurity at webappsec.org; SC-L at securecoding.org
Subject: [SC-L] blog post and open source vulnerabilities to blog about

Hello,

I am working on a software security blog and I am trying to find open source vulnerabilities to present and share. Does anyone else have any open source vulnerabilities that they could share and talk about? I think this could be the best way to learn in the open source community about security. I have a few but I would like to blog about a different piece of code almost every day.

God Bless.
Matt
http://parsonsisconsulting.blogspot.com/