Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re[2]: GREENAPPLE Release
From: phased <phased () mail ru>
Date: Sun, 13 Feb 2005 14:51:27 +0300

I thought Full Disclosure propagators actually endorsed waiting for a
vendor to fix the vulnerability before announcing a security hole..
On the other hand what do I know? My hat is black.

Some days I find myself leaning more towards 'responsibility' while most 
days I recognize that the only way vendors learn is through repeated 
hard lessons.

Its not your responsibility to do work that they get paid for.

Consequently I keep my morals flexible as long as people's 
personal/physical safety is respected and money doesn't change hands 
when the law may be broken. There's always the golden rule if anyone 
finds themselves in need of a universal yardstick, though for a company 
like Microsoft, I do revel in seeing them take it dry. In any case, with 
all these idiotic laws, who isn't a criminal somewhere? Coming soon via 
treaty to a theatre near you!

But I digress... I wasn't rankled by what could be perceived as a 
'responsible' disclosure on Dave's part. I'm saying he and his crew sit 
on stuff and parcel it out when and where it will do the most good for 
their prestige. It might be good marketing, but I think it's cheesy how 
long some people sit on things, especially when pains are taken to point 
out that they've known about it for some time now. A little too 
Hollywood for my tastes.

We all know most of these lists exist as an advertising media.

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]