Re: there might be three people who missed it...
From: Jon Oberheide <jon () oberheide org>
Date: Thu, 22 Jul 2010 19:34:46 -0400
On Thu, 2010-07-22 at 10:13 -0700, Michal Zalewski wrote:
This brings up an interesting question I had related to cross-vendor
responsible disclosure when I came across a comment from Chris regarding
the recent libpng vulnerability in Chrome:
(I'm not reproducing the comment here since it's worth reading it in the
full context of the bug)
It's certainly a tricky issue: how does Google balance the secret
disclosure (via an innocent-sounding Chrome commit/update) of a
vulnerability that may help protect _Google's_ users (e.g. Chrome users)
while potentially adversely affecting users of other vendors (when
attackers RE the update and attack unpatched browsers)?
/me grabs popcorn.
/me brought the sour patch kids and frozen cokes.
Jon Oberheide <jon () oberheide org>
GnuPG Key: 1024D/F47C17FE
Fingerprint: B716 DA66 8173 6EDD 28F6 F184 5842 1C89 F47C 17FE
Dailydave mailing list
Dailydave () lists immunitysec com