Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Vulnerabilities in some SCADA server softwares
From: Luigi Auriemma <aluigi () autistici org>
Date: Mon, 21 Mar 2011 20:02:31 +0000

At what point in time did you try contacting any of the vendors for
these issues?

the vendors of the affected softwares have not been contacted.

How do you propose a manufacturer fix an issue?

in the security field a public vulnerability is a dead vulnerability,
anyone who has found and released at least one security bug in his life
knows it and knows to what I refer.

90% of the job of fixing a bug is just finding it first, I have even
showed the details, the causes and the ways to replicate them.

Where in any of your advisories did you take the time to let a company
know: "hey you guys have some potential issues, here they are!!!"

I have done it in the exact moment that I have uploaded my advisories on
my website making anyone aware of the problems, included the same
vendors that now can fix them.

Luigi Auriemma

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]