Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Complicated Disclosure Scenario

From: Florian Weimer <Weimer () CERT Uni-Stuttgart DE>
Date: Thu, 17 Jan 2002 12:04:10 +0100
Josha Bronson <dmuz () slartibartfast angrypacket com> writes:


So, what would you do?


Write to the vendor and announce the publication of the preliminary
results within, say, two weeks, and rely on Full Disclosure forcing
the vendor to provide a fix.  (However, there might be constraints in
your license contracts which could make this illegal.)

I'm surprised that this aspect of Full Disclosure is still necessary
today.

-- 
Florian Weimer                    Weimer () CERT Uni-Stuttgart DE
University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898
Previous By Date Next
Previous By Thread Next

Current thread: