|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Full-disclosure] Publicly Disclosing A Vulnerability
Valdis.Kletnieks
vt.edu
Date: Wed Oct 05 2005 - 10:24:17 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Wed, 05 Oct 2005 08:17:41 PDT, Steve Friedl said:
> Your customer still has to work with the vendor after you're gone, and
> going public - which I think is a fine idea in general - could sour a
> relationship that's not yours to sour. Ask the customer what they want
> to do with this, but if you're covered under NDA (as you surely must be)
> I'm pretty sure you have to sit on it if they tell you to.
One thing to remember is that the customer has some leverage with the vendor,
since they can say "What are you going to do about this problem our contractor
found in your stuff? And is your head-in-the-sand attitude indicative of how
you intend to deal with *other* problems as well? Should we start considering
moving our business elsewhere to another vendor that isn't as coated in ostrich
feathers?".....
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFDQ/AhcC3lWbTT17ARAlxjAJ0a77dNUlEioZnnuvwGyA7TIOKwMwCeK2qd
fIQvW3aRoDD2lUI9kgqCQn8=
=wEAs
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]