Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Re: [Dailydave] Half Disclosure
From: ned (ndfelinemenace.org)
Date: Wed Nov 03 2004 - 16:58:16 CST
On Wed, 3 Nov 2004 robertdyadsecurity.com wrote:
> I know there is a debate
> between the security research community and the Confused Illusionary
> Supposed Security People communities.
> The industry seems to be taking a funny twist with the practice of
> disclosure of newly identified problems. My team for years has joked
> about creating a "Half Disclosure" mailing list. This list would either
> A) tell you that a particular piece of software has a problem... or B)
> provide working exploit code with no product reference.
> Little did we know other companies had the same sense of humor:
eEye does it too:
> "... are going to withhold details about this flaw for three months.
> Full details will be published on the [later]. This three
> month window will allow users of [product] the time needed to download
> the updated version before the details are released to the general
> public. This reflects [companies]'s new approach to responsible
> Is this really the path we want to take?
Dailydave mailing list