Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Things to do before vulnerability disclosure
From: "Adriel T. Desautels" <ad_lists () netragard com>
Date: Thu, 18 Jun 2009 09:25:36 -0400

We offer our researchers safe harbor so long as they follow our rules of engagement. That safe harbor is backed by very well informed council, the community, and the media. Simply put, if you're on the right side of the fence doing the right thing you'll have the support of the "people" and "they" won't.

On Jun 17, 2009, at 10:34 PM, Jeffrey Walton wrote:

The politics of it depend on the situation.
It's really unfortunate that there is no Safe Harbor for legitimate researchers.

Jeff

On 6/17/09, Adriel T. Desautels <ad_lists () netragard com> wrote:
Vulnerability disclosure is a powerful tool that hackers can use to force otherwise unwilling vendors to fix risks in their technology as opposed to just keeping the risks quiet and keeping customers ignorant. The truth is that without it software would still be very insecure and poorly written.
The politics of it depend on the situation.

[SNIP]



        Adriel T. Desautels
        ad_lists () netragard com
        --------------------------------------

        Subscribe to our blog
        http://snosoft.blogspot.com


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]