Re: [Full-Disclosure] no more public exploits
From: chris (chris_at_cr-secure.net)
Date: 04/27/04
- Previous message: Nico Golde: "Re: [Full-Disclosure] programming"
- Maybe in reply to: johnny cyberpunk: "[Full-Disclosure] no more public exploits"
- Next in thread: james: "Re: [Full-Disclosure] no more public exploits"
- Reply: james: "Re: [Full-Disclosure] no more public exploits"
- Reply: Felipe Cerqueira - skylazart: "Re: [Full-Disclosure] no more public exploits"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: full-disclosure@lists.netsys.com Date: Tue, 27 Apr 2004 13:19:44 -0400
Heres my two cents :-/
Exploit code is better kept private.
Advisories should be public.
Why?
Because exploit code is not easy to write depending on the bug. And I
for one sure dont want some 'penetration tester' taking my code and
plugging it into his automated scanner and collecting the cash. Im far
to greedy to watch that happen. Sorry.
NON-Disclosure of Exploit code.
Full-Disclosure of Advisories.
As far as the discussion of sysadmins patching on time or not. All I
will say is this . . . if they did patch on time there wouldnt be a
www.zone-h.org.
- borg (ChrisR-)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Previous message: Nico Golde: "Re: [Full-Disclosure] programming"
- Maybe in reply to: johnny cyberpunk: "[Full-Disclosure] no more public exploits"
- Next in thread: james: "Re: [Full-Disclosure] no more public exploits"
- Reply: james: "Re: [Full-Disclosure] no more public exploits"
- Reply: Felipe Cerqueira - skylazart: "Re: [Full-Disclosure] no more public exploits"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
