Penetration Testing
mailing list archives
Re: Things to do before vulnerability disclosure
From: "Adriel T. Desautels" <ad_lists () netragard com>
Date: Thu, 18 Jun 2009 09:25:36 -0400
We offer our researchers safe harbor so long as they follow our rules
of engagement. That safe harbor is backed by very well informed
counsel, the community, and the media. Simply put, if you're on the
right side of the fence doing the right thing, you'll have the support
of the "people" and "they" won't.
On Jun 17, 2009, at 10:34 PM, Jeffrey Walton wrote:
The politics of it depend on the situation.
It's really unfortunate that there is no Safe Harbor for legitimate
researchers.
Jeff
On 6/17/09, Adriel T. Desautels <ad_lists () netragard com> wrote:
Vulnerability disclosure is a powerful tool that hackers can use to force
otherwise unwilling vendors to fix risks in their technology as opposed to
just keeping the risks quiet and keeping customers ignorant. The truth is
that without it software would still be very insecure and poorly written.
The politics of it depend on the situation.
[SNIP]
Adriel T. Desautels
ad_lists () netragard com
--------------------------------------
Subscribe to our blog
http://snosoft.blogspot.com