here is some satire how some vendors may respond to reported security
problems.
completely fictional, any resemblance to real world or real events is just
a halucination.
1.
http://www.microsoft.com
financial empire waiting for the fate of previous empires
automated response "thanks for being a free beta tester!"
the media is told "bug hunters" are irresponsible cyber terrorists.
have enough money and enough brain to shutdown hotmail accounts.
later a patch is produced, in some cases introducing more problems.
visiting malicous web sites is not real exploit scenario.
2.
http://www.openbsd.org
Theo Deraddt, author of only one remote hole in 2^32 years.
imaginary quotes from fabricated email:
---------------------
From: Theo de Raadt
it is just a crash.
> btw, Ted Unangst <tedu@> seems better than you in PR
> bug handling. have you thought about outsourcing the PR bug handling
> to him?
he is not better at it. he only works in certain areas. but i work
all over the place, and can spray an issue out to the revelant people
very often. i'm always around...
----------------------
----------------------
From: Theo de Raadt <deraadt_at_cvs.openbsd.org>
and I TOLD you to hold off
and then you didn't.
Look, you release bugs not to help us. You do it for yourself.
Don't take me for a fool.
---------------------------
// end of fabricated quotes
3.
http://www.kernel.org
Linus Torvalds, an engineer, some funny quotes on wikiquotes.
Linus: "hmmmm, there might be more ones like this. how did you find it?"
4.
http://www.mozilla.org
Let there be dragons and foxen
mozilla: "we give cash for security bugs"
--
where do you want bill gates to go today?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Received on Feb 06 2005
Intro
