Vulnerability Development mailing list archives
RE: IE Crashing MICROSOFT RESPONSE
From: zeno <zeno () cgisecurity net>
Date: Thu, 6 Dec 2001 13:55:41 -0500 (EST)
Below is a email I got from microsoft. I didn't want credit but I find it amusing that they will refuse to mention who discovered a security problem unless they are contacted first. Which means if I found a remote IIS hole and emailed other mailing lists first as far as microsoft historical documents go I wasn't even involved and they will not acknowledge my findings. If I email microsoft of the problem first then I am mentioned. I honestly don't care for a mention otherwise I would have just released a advisory Anyone else find this a tad wackey? So microsoft is reinventing history now to? - zeno () cgisecurity com
Thanks for your note and for bringing this to us. We appreciate that. As we noted in our bugtraq post, we are looking into this issue. As always, if we will take appropriate action based on our investigation. Unfortunately, you chose to take this issue public before we had a chance to fully investigate and develop a patch, if needed. I'm afraid that because of this, we won't be able to credit you in any bulletin that might result from your report. This is outlined in our acknowledgement policy at: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secur ity/bulletin/policy.asp We appreciate your bringing this to us, and hope that next time you'll work with us in a way that will allow us to credit you in any bulletin that might result. Thank you once again for bringing this to us. Regards, secure () microsoft com
Current thread:
- RE: IE Crashing MICROSOFT RESPONSE zeno (Dec 06)