Re: Disclosure Debate - yet again
From: Matthew Ramadanovic (matthew.ramadanovic_at_YALE.EDU)
Date: Fri, 8 Oct 2004 17:31:28 -0400 To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
>Can we get consensus, even if just among the current group in this
>discussion, that "user friendly" PoCs are bad?
Absolutely, if 1% of competent people write malicious code yet only 1% of
those people could write it from scratch it is quite logical that the first
step should be to eliminate the risk created by the 99%.
While it is fun to see the exploit first hand, I've never accomplished
anything really productive by following an exploit recipe. By now there have
been so many that even that small amount of fun has worn off.
Yale University Investments Office
-- NTBugtraq Editor's Note: Want to reply to the person who sent this message? This list is configured such that just hitting reply is going to result in the message coming to the list, not to the individual who sent the message. This was done to help reduce the number of Out of Office messages posters received. So if you want to send a reply just to the poster, you'll have to copy their email address out of the message and place it in your TO: field. --