|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Full-Disclosure] Exploit release
From: Martin Bealby (mxb285
bham.ac.uk)
Date: Mon Apr 05 2004 - 02:39:08 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Mon, 2004-04-05 at 01:05, J.A. Terranson wrote:
> 2 on the Troll-O-Meter. Thanks for playing though.
Hey, I wasn't trying to troll. I was actually seriously thinking about
it. Being relatively new to the security scene I thought it was a valid
question. I know the list has degraded somewhat over the past few months
but you don't have to have a go at me just for asking a question. I
thought the full-disclosure list would be the most appropriate place to
ask this sort of question, as I know the majority of the people on this
list use sensible disclosure techniques such as RFPolicy. However, if
you go to a developer and say 'here is an exploit, you have X days to
fix it until I go public', couldn't this be twisted into some sort of
blackmail?
I'm just trying to think everything through before I start my own
research.
Cheers,
Martin
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQBAcQ0bAydojtrG7OYRAl3gAKCSmZSgC4xmfvPsTna2lgoEtnegdwCfSmfW
XAfvaduLv9xryAE7LBVRevo=
=VIVw
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]