Re: Complicated Disclosure Scenario

From: David Carroll (dcarroll@hgo.net)
Date: 01/17/02


Date: Thu, 17 Jan 2002 09:19:31 -0500
To: vuln-dev@securityfocus.com
From: David Carroll <dcarroll@hgo.net>


         I think the most important part of the message is that they are
not doing their own investigating. If you don't have the time or tools to
do more, and they refuse to, let someone who wants the challenge do
it. Let it out, but warn the company that you are going to do so, and give
them a bit of time in case they feel like doing something about it then.

Thus spake Josha Bronson:
>This is the problem as it sits. If I reach out to "the community" for
>additional assistance with researching this bug I might as well just send
>out an advisory. If I release an advisory the vendor will most likely
>not have a patch ready, they will feel violated and the user base will
>[...] So, what would you do?

David Carroll
System Administrator, HGO Technology
www.hgo.net