> iss forgot it's handling of the apache chunk bug:
> http://www.derkeiler.com/Mailing-Lists/ISS/2002-06/0009.html
> quote:
> ------
> ISS X-Force deals with all vendors on a case-by-case basis
> to provide maximum protection for **our customers** and the community.
> ------
Last I checked Gobbles found this exploit and ISS simply reported it being exploited in the wild.
Of course they are going to alert their *paying customers* before alerting the public mailing lists.
- zeno
http://www.cgisecurity.com
>
> --
> where do you want bill gates to go today?
>
> On Tue, Aug 09, 2005 at 07:04:23PM -0400, Ingevaldson, Dan (ISS Atlanta) wrote:
> > Just in case anyone is interested, the ISS Vulnerability Disclosure
> > Guidelines were made public a couple years ago, and last revised on July
> > 15, 2004. The document is available here:
> >
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Received on Aug 10 2005
Intro
