Dailydave mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Half Disclosure

From: Gadi Evron <ge () linuxbox org>
Date: Thu, 04 Nov 2004 01:34:31 +0200
Alternatively,
I kinda like the idea of a mailing list where one can post hashes of textfiles explaining a vulnerability. Once the vulnerability is discovered elsewhere (or just fixed accidentally), the full text can be posted. This would allow for some very interesting estimates on how long bugs are known before they get fixed, without actually disseminating the bugs.
BlueBoar has talked of a similar idea, only with PGP, for quite some time now.
deff2b2c54d0ab382002698229c98be6 . This one just got fixed. I'm not sure if I'm going to release it or not. :> 

No way! You know deff2b2c54d0ab382002698229c98be6 ???
Then you MUST know: 45d9649368631e5fd7a19a8534310a91 who is the brother of: 4b303d443807b4c57c121cf62aa32ee1 and leaves in New York City! 

Anyone remembers Spaceballs?
"I am your fathers', mothers', cousin's, brother's ex room-mate!"
Actually, I considered doing checksums for Princess Bride quotes... but I'm too lazy.
Disclosure should be responsible. Doing PR about disclosure is just funny to me - disclose it and the PR is done.
What happened to the old "vendor was notified at <date>" and possibly, "this was re-reported and verified by such and such". 

        Gadi Evron.
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave
Previous By Date Next
Previous By Thread Next

Current thread: