Steve Friedl wrote:
>On Wed, Apr 13, 2005 at 10:54:34AM -0400, bkfsec wrote:
>
>>It doesn't matter how much honey is poured into people's ears (or smoke
>>blown up their asses, if you will), it's the proof that's in the pudding
>>that counts, and the pudding is sour.
>
>Even if you decide, for the sake of discussion, that Microsoft sucks,
>there is still a good reason to work with MSFT on disclosure: the users.
>
I agree with you. I wasn't implying that people shouldn't work with
MSFT on disclosures, rather that their attitude had not changed nearly
as much as some people seem to think it has.
There's also a big difference between should and must. Security
researchers should work with vendors to get solutions out responsibly,
including Microsoft, but they should not be restricted from publishing
their findings if a vendor just wants to sweep things under a rug.
-Barry
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Received on Apr 13 2005