Home page logo

fulldisclosure logo Full Disclosure mailing list archives

From: "Byron L. Sonne" <blsonne () rogers com>
Date: Sat, 12 Feb 2005 22:33:42 -0500

I thought Full Disclosure propagators actually endorsed waiting for a
vendor to fix the vulnerability before announcing a security hole..
On the other hand what do I know? My hat is black.

Some days I find myself leaning more towards 'responsibility' while most days I recognize that the only way vendors learn is through repeated hard lessons.

Consequently I keep my morals flexible as long as people's personal/physical safety is respected and money doesn't change hands when the law may be broken. There's always the golden rule if anyone finds themselves in need of a universal yardstick, though for a company like Microsoft, I do revel in seeing them take it dry. In any case, with all these idiotic laws, who isn't a criminal somewhere? Coming soon via treaty to a theatre near you!

But I digress... I wasn't rankled by what could be perceived as a 'responsible' disclosure on Dave's part. I'm saying he and his crew sit on stuff and parcel it out when and where it will do the most good for their prestige. It might be good marketing, but I think it's cheesy how long some people sit on things, especially when pains are taken to point out that they've known about it for some time now. A little too Hollywood for my tastes.

Whitehat or blackhat, whatever discipline, it's all the same beef if you hoard knowledge.
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]