Re: Public disclosure of discovered vulnerabilities
tqbf_at_pobox.com
Date: 05/15/05
- Next message: BRG: "Re: Crypto Algorithm Calling Interfaces"
- Previous message: Nicol So: "Re: Public disclosure of discovered vulnerabilities"
- In reply to: Nicol So: "Re: Public disclosure of discovered vulnerabilities"
- Next in thread: Nicol So: "Re: Public disclosure of discovered vulnerabilities"
- Reply: Nicol So: "Re: Public disclosure of discovered vulnerabilities"
- Reply: David Wagner: "Re: Public disclosure of discovered vulnerabilities"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 15 May 2005 09:11:36 -0700
> Please stop mischaracterizing my position as "shooting the
> messenger". I advocated no such thing.
How can you avoid that charge? You're criticising people who do
pro-bono security analysis work, find incredibly valuable information,
and release it to the public free of charge.
Complaints about "irresponsible disclosure" are straightforward
examples of psychological transference. The researcher didn't CREATE
the problem. The researcher DOES have a moral responsibility to publish
the problem (which becomes clear when you contrast them with the
unscrupulous parties who find and then privately SELL vulnerability
details). From what authority do system administrators claim the right
to add further hurdles to this process?
- Next message: BRG: "Re: Crypto Algorithm Calling Interfaces"
- Previous message: Nicol So: "Re: Public disclosure of discovered vulnerabilities"
- In reply to: Nicol So: "Re: Public disclosure of discovered vulnerabilities"
- Next in thread: Nicol So: "Re: Public disclosure of discovered vulnerabilities"
- Reply: Nicol So: "Re: Public disclosure of discovered vulnerabilities"
- Reply: David Wagner: "Re: Public disclosure of discovered vulnerabilities"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
