Re: GREENAPPLE Release
From: "Byron L. Sonne" <blsonne () rogers com>
Date: Sat, 12 Feb 2005 22:33:42 -0500
I thought Full Disclosure propagators actually endorsed waiting for a
vendor to fix the vulnerability before announcing a security hole..
On the other hand what do I know? My hat is black.
Some days I find myself leaning more towards 'responsibility' while most
days I recognize that the only way vendors learn is through repeated
Consequently I keep my morals flexible as long as people's
personal/physical safety is respected and money doesn't change hands
when the law may be broken. There's always the golden rule if anyone
finds themselves in need of a universal yardstick, though for a company
like Microsoft, I do revel in seeing them take it dry. In any case, with
all these idiotic laws, who isn't a criminal somewhere? Coming soon via
treaty to a theatre near you!
But I digress... I wasn't rankled by what could be perceived as a
'responsible' disclosure on Dave's part. I'm saying he and his crew sit
on stuff and parcel it out when and where it will do the most good for
their prestige. It might be good marketing, but I think it's cheesy how
long some people sit on things, especially when pains are taken to point
out that they've known about it for some time now. A little too
Hollywood for my tastes.
Whitehat or blackhat, whatever discipline, it's all the same beef if you
Full-Disclosure - We believe in it.