Dailydave mailing list archives
Re: A really bad month for Novell
From: "David Endler" <dendler () tippingpoint com>
Date: Fri, 1 Dec 2006 07:14:44 -0600
from: http://www.zerodayinitiative.com/advisories/ZDI-06-043.html 2005.07.07 - Digital Vaccine released to TippingPoint
customers
2006.10.02 - Vulnerability reported to vendor
I can understand the confusion. TippingPoint already protected its customers against this vulnerability with a preexisting security filter released in 2005. This particular Zero Day Initiative vulnerability was purchased by us shortly before we disclosed it to the vendor in 2006. Unfortunately the purchase/acquisition dates are not included the disclosure timelines, which led to the confusion here. On average, it may take the ZDI team several days or sometimes a couple of weeks to validate a vulnerability depending on how much work the security researcher has done up front, if other vulnerabilities shake loose as a result of the particular find, and how many other issues are in their queue. -dave p.s. To quell the conspiracy theorists, we didn't actually launch the Zero Day Initiative until August 2005. http://zdi.3com.com/faq.html _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- A really bad month for Novell Dave Aitel (Nov 30)
- Re: A really bad month for Novell Dude VanWinkle (Nov 30)
- Re: A really bad month for Novell Anton Chuvakin (Dec 01)
- <Possible follow-ups>
- Re: A really bad month for Novell David Endler (Dec 01)
- Re: A really bad month for Novell Steven M. Christey (Dec 07)
- Re: A really bad month for Novell Dude VanWinkle (Nov 30)