>From Krish Ahya on Sunday, 03 February, 2002:
>I understand this, but thats all the more reason to not release an exploit.
>An advisory only would have better suited the situation, especially when the
>vendor won't fix the problem.
Maybe. If Vendor doesn't release Patch, IMHO, publicizing the hole
and then, maybe a while later, releasing the exploit is the proper
way to go. Be vocal about it and the reasons for posting it like that,
and people will migrate to a different (hey, Free Software guarantees
at least *someone* can make a patch, even if Vendor is too lazy)
software, since they now know that Vendor does not care about security.
--Joseph
--
Joseph======================================================jap3003_at_ksu.edu
"If you really want to toggle [Internet Explorer] into secure mode, you
just need to click the little 'X" in the top right corner of the window."
--User dsb3 on www.slashdot.org. [Use Mozilla! www.mozilla.org.]
Received on Feb 04 2002
Intro
