Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Operating Systems Security, "Microsoft Security, baby steps"
From: Mark J Cox <mjc () apache org>
Date: Thu, 18 Mar 2004 11:23:32 +0000 (GMT)

We don't even know how many weeks this bug was in circulation in the
vendor community before that date.

The OpenSSL issues were disclosed to the NISCC by me on February 25th
2004, the NISCC then notified vendors starting on February 26th with the
embargo date of March 17th.  The OpenSSL group had been working with the
Codenomicon test suite since the start of February, but we wanted to make
sure that we'd found all the issues and concluded our testing before we
started the notification process.

Mark J Cox ........................................... www.awe.com/mark
Apache Software Foundation ..... OpenSSL Group ..... Apache Week editor

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]