Re: [Full-disclosure] Vulnerabilities Hashes DB needed
- From: Alexander Klink <a.klink@xxxxxxxxx>
- Date: Sun, 6 May 2007 22:18:08 +0200
Hi,

On Sun, May 06, 2007 at 05:45:45PM +0200, shadown wrote:
> 2- There are some vendors that are really difficult to deal with. It took me
> about 4 months to get the right contact to report the bugs, and this would
> be another thing to think about, A public 'Vendor's Vulnerability Reporting
> Contact DB/List'.

That would definitely be helpful, the situation sounds familiar ...

> The main mailing list should create a 'Vulnerabilities Hashes mailing list'
> where the researchers' community can send the hashes of the PoC files just
> before they contact the vendors. That way if the vendors do not give the
> proper credits to the researchers, at least the researchers will have another
> proof to show that they were the ones that reported the vulnerabilities, and
> not just the mails they've crossed with the vendors.

You should have a look at the (free) PGP Digital Timestamping Service
at http://www.itconsult.co.uk/stamper/stampinf.htm. No need to reinvent
the wheel there, it's been alive for about 12 years now and will
timestamp and PGP sign anything you send it, including hashes.

HTH,
Alex
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
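
Added example, not part of the original post or of the timestamping service: one way to prepare the hashes discussed above as a reproducible text manifest that can be sent for timestamping, and to check the files against it later when they are disclosed. The function names and the manifest layout are assumptions made for this sketch, the sample files are constructed, and submitting the manifest to the service is not shown.

```python
# Added illustration; all function names here are hypothetical helpers.
import hashlib
import tempfile
from pathlib import Path


def file_digest(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large archives are handled."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(paths) -> str:
    """One 'digest  size  name' line per file, sorted by name so the text is reproducible."""
    ordered = sorted(paths, key=lambda p: p.name)
    return "".join(f"{file_digest(p)}  {p.stat().st_size}  {p.name}\n" for p in ordered)


def verify_manifest(manifest: str, directory: Path) -> dict:
    """Check disclosed files against the stamped manifest: name -> ok / mismatch / missing."""
    result = {}
    for line in manifest.splitlines():
        digest, size, name = line.split("  ", 2)
        path = directory / name
        if not path.is_file():
            result[name] = "missing"
            continue
        same = path.stat().st_size == int(size) and file_digest(path) == digest
        result[name] = "ok" if same else "mismatch"
    return result


def demo() -> tuple:
    """Constructed sample: two stand-in files, one edited after the manifest was made."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        (d / "advisory.txt").write_bytes(b"constructed advisory text\n")
        (d / "poc.bin").write_bytes(b"constructed stand-in for a PoC file\n")
        manifest = build_manifest(d.iterdir())
        before = verify_manifest(manifest, d)
        (d / "advisory.txt").write_bytes(b"constructed advisory text, edited\n")
        after = verify_manifest(manifest, d)
    return manifest, before, after


if __name__ == "__main__":
    print(*demo(), sep="\n")
```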