Full Disclosure: Re: Vulnerability in reCAPTCHA for Drupal

[Charles Morris <cmorris () cs odu edu>]

> > It is my personal belief that all vulnerabilities should be patched
> > regardless of existence of a known attack vector or exploit.
> Let me fix that for you:
>
> All vulnerabilities should be evaluated as to whether patching them
> makes sense.  If it's a one-liner fix for a stupid logic error, yes
> it probably should be patched whether or not there's a known exploit.
...
> So yes, evaluation is needed.  But patching it may not make any realistic
> sense, depending on the nature of the issue and who is potentially affected.

I agree Valdis, and I personally used shatter when it was popularized..
resulting in tons of fun here at the university with my colleagues.

However, I'm simply stating a belief in a more abstract sense,
I agree beliefs are not always realistic, but personally I /do/ make
that guarantee whenever I write a piece of code.

I am very aware I must compromise this belief when working in the market,
like most of my other beliefs and morals, and I do so daily.

Then I go home and cry myself to sleep.

Charles

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/