Re: [Full-Disclosure] [OT] Re: Quick Question
From: hellNbak (firstname.lastname@example.org)
From: hellNbak <email@example.com> To: Georgi Guninski <firstname.lastname@example.org> Date: Mon, 17 Mar 2003 19:45:32 -0600 (CST)
> [sorry for the flame war, but this more of the faq]
I wasn't aware that this was a flame war. Some are mature enough to
debate a subject without resorting to such silly things.
> I support my words that I don't do security work for the money.
> Of course I have to do something for living.
> Once again money is not sufficient incentive.
Care to actually back this argument up? It is clear that you, like most
of us (there is nothing really wrong with it in my opinion) are a security
consultant. You take what you enjoy and what you seem to be good at and
make a living from it. There is nothing wrong with that as long as you
are honest about it. Perhaps that is the problem.
> The IETF just said "NO" to this.
Yes, and they did so based on some valid reasons but that does not take
away from the need for a standard.
> RFP can do whatever he wants with his 0days and I don't care.
> But his writings do not apply to me.
> btw, have not seen interesting stuff from RFP recently (don't have anything
> against him).
So you are saying that by being responsible or even having a standard
somehow prohibits research? Wow, if that is truly the case I can see why
you are so against a structured reporting policy.
> From the above url:
> "There is no industry consensus on what constitutes best pratices for
> vulnerability disclosure"
> So what?
And your point is? You are right, there isn't a standard. But that
doesn't mean that there shouldn't be one.
> Have you read this:
> Free Hacker Manifest
> People seem to support this, you know.
Yes, some do. Again, highlighting the need for an accepted standard.
> Also, if you use your 3l33t s34rching skills, you can find that in 98-99
> microsoft publicly thanked me for the exactly the same behavior.
Judging by your opening lines, I think it is you Georgi who owns the 31337
-- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- "I don't intend to offend, I offend with my intent" hellNbak@nmrc.org http://www.nmrc.org/~hellnbak -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html