Re: [Full-disclosure] Publishing exploit code - what is it good for

• Previous message: James Wicks: "Re: [Full-disclosure] Publishing exploit code - what is it good for"
• In reply to: Jason Coombs: "Re: [Full-disclosure] Publishing exploit code - what is it good for"
• Next in thread: KF (lists): "Re: [Full-disclosure] Publishing exploit code - what is it good for"
• Reply: KF (lists): "Re: [Full-disclosure] Publishing exploit code - what is it good for"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 30 Jun 2005 15:37:48 -0400
To: jasonc@science.org, full-disclosure@lists.grok.org.uk

I have had administrators refuse to patch systems until I could prove
that I could break in using an exploit right in front of them. I've
been told that they need to balance my theoritical risk against their
actual outlay of resources (yet, for some reason, they bet the
lottery).

On 6/30/05, Jason Coombs <jasonc@science.org> wrote:
> > What I need is a security administrator, CSO, IT manager or sys admin
> > that can explain why they find public exploits are good for THEIR
> > organizations. Maybe we can start changing public opinion with regards
> > to full disclosure, and hopefully start with this opinion leader.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

• Previous message: James Wicks: "Re: [Full-disclosure] Publishing exploit code - what is it good for"
• In reply to: Jason Coombs: "Re: [Full-disclosure] Publishing exploit code - what is it good for"
• Next in thread: KF (lists): "Re: [Full-disclosure] Publishing exploit code - what is it good for"
• Reply: KF (lists): "Re: [Full-disclosure] Publishing exploit code - what is it good for"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]