Vulnerability Development mailing list archives
about disclosure of nimda logs
From: lorenzo <lorenzo () digitalmind it>
Date: 08 May 2002 20:01:16 +0200
I agree with the fact that on those mailing lists there is a full disclosure of vulnerabilities; but let us not forget that there is usually a period of time left to the vendors to fix them. So, why not allow a period of time after which the logs will be made public? The question is: can the owner of the machine be contacted? If yes, then allow him 2 weeks. If not, let's say 3 weeks. I'm saying '3 weeks' because sometimes people don't want to leave contact information, or their contact e-mail are too spammed - so it's not necessarily their fault if they cannot be contacted. But after 3 weeks I assume that every script kiddie in the world will have the machine's address, so publishing it won't affect too much the bandwidth. Opinions? -- lorenzo lorenzo () digitalmind it
Current thread:
- about disclosure of nimda logs lorenzo (May 08)
- RE: about disclosure of nimda logs leon (May 08)