Vulnerability Development mailing list archives
RE: Complicated Disclosure Scenario
From: "Nathan Anderson" <nathan () andersonsplace net>
Date: Thu, 17 Jan 2002 09:08:46 -0800
Josha,

> I encouraged the vendor to begin their own investigation. They ignored
> this, and again stated that they would await my results.

1. If you feel confident in your ability to exploit it then my opinion is that you offer to do the investigation at an hourly fee. (Make sure you get written documentation of any agreement with said vendor.) Your time is valuable and _they_ are the responsible party for tracking it down and fixing it -- not you. So if they want you to track it down, they should pay you.

Otherwise: You plainly inform them that you will be releasing the advisory in two weeks or one month and give them the date of release.

Nathan.