Re: [Full-Disclosure] Information Week: 2/3 of pros want immediate disclosure

• Previous message: Duncan Hill: "Re: [Full-Disclosure] http://209.50.251.182/new-exploit5/"
• Maybe in reply to: Steven M. Christey: "[Full-Disclosure] Information Week: 2/3 of pros want immediate disclosure"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "Ingevaldson, Dan (ISS Atlanta)" <dsi@iss.net>
Date: Thu, 08 Jul 2004 21:30:27 -1000

Ingevaldson, Dan (ISS Atlanta) wrote:
> What would the results look like if you asked a loaded question that
> leaned in the other direction?
>
> "Should software vendors disclose information about software
> vulnerabilities to the global hacking community at the same time as all
> their customers who haven't yet implemented a working patch management
> process?"

How about this one, too, so we'll know the technical competency of the
people who provide answers to the first two questions:

"Do you believe it is possible for software vendors to disclose
information about software vulnerabilities to their customers without
the global hacking community learning about that disclosure?"

Any answer other than "No." would prove the respondant is not qualified
to give answers to such questions.

Sincerely,

Jason Coombs
jasonc@science.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

• Previous message: Duncan Hill: "Re: [Full-Disclosure] http://209.50.251.182/new-exploit5/"
• Maybe in reply to: Steven M. Christey: "[Full-Disclosure] Information Week: 2/3 of pros want immediate disclosure"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]