Re: [Full-disclosure] Vulnerabilities Hashes DB needed
- From: "Morning Wood" <se_cur_ity@xxxxxxxxxxx>
- Date: Sun, 6 May 2007 11:26:50 -0700
As I do believe in responsible disclosure, I don't agree with 'giving up and
launchin 0days' so that vendors eat their s**t, the following is what I
think is the best solution for it.
Once I developed this, vendors were typicaly fast to respond...
This link is sent upon first contact to the vendor with PoC.
Further you should date your PoC and research notes, another good
tactic to take is to place your advisory on a webserver, accessable to
the vendor but not the public. This also helps establish your timeline so
a vendor cannot claim it was fixed "on foobar date" and you get no credit.
With over 50 security advisories to date, I have not had the issue
you are having.
Some disclosure asset links
Some stories on disclosure and credit
hope this helps,
- Prev by Date: Digital Armaments May-June-2007 Hacking Challenge: VMware
- Next by Date: Re: [Dailydave] Vulnerabilities Hashes DB needed
- Previous by thread: Digital Armaments May-June-2007 Hacking Challenge: VMware
- Next by thread: Re: [Dailydave] Vulnerabilities Hashes DB needed