Re: [Full-disclosure] Re: [WEB SECURITY] Cross Site Scripting in Google



On 7/7/06, Mike Duncan <security@xxxxxxxxxxxxxx> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Martin O'Neal wrote:

Actually, I think this is the point the author was trying to make. We
should not be thinking about the interests of a company who has ignored
issues in the past.

Ignored what? A non-security alert that was probably understood as a joke?

The author did the right thing here by posting examples in the past of
Google ignoring possible issues with their website.

Just because someone does not get a reply to an email does not mean
that the issue(s) are ignored.

I think the author
actually went above and beyond the "requirements" of the list(s) and its
reader base as well.

I think not.

http://www.wiretrip.net/rfp/policy.html

And the debate continues...

Nothing to really debate. This list is not a band wagon. You should
not just jump on and assume you know the ACCEPTED and UNDERSTOOD
guidelines.

On top of that, what is up with your ignorance with adding every
person in the thread to your CC list? You like duplicate emails so
force them on other people? Read http://www.ietf.org/rfc/rfc1855.txt

Mike Duncan
security@xxxxxxxxxxxxxx
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFErnK1OSRBehttuMoRAu2KAKDCWdH1z3RuZ4stX0PeQY5ely3KiQCfaR8b
y4pY794d1xgNW6P1tsIdqtk=
=a/SO
-----END PGP SIGNATURE-----


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



Relevant Pages