Re: [Full-disclosure] Re: [WEB SECURITY] Cross Site Scripting in Google
From: ad@heapoverflow.com
Date: Thu Jul 06 2006 - 09:04:31 CDT
Martin O'Neal wrote:
> my opinion is that full disclosure is not for vendors .. it's for users. full disclosure is for us to know how to react on certain threads.

Which is just fine if you are technically competent to understand the threat, and there is also a valid mitigating strategy you can employ immediately. For the vast majority of situations though, this just isn't the case. The users are not technically competent enough to understand the true threat posed by an entry on a news group (which are generally hopelessly incomplete and/or factually inaccurate) and then this is coupled with a vulnerable product that may be essential, difficult to protect, and a stable official fix that may be weeks or months away from delivery.

I personally also believe in full disclosure, but it has to be delivered in a responsible fashion. Dispatching vulnerabilities to a public list without even attempting to contact the vendor is clearly not in the best interest of the vendors nor the great majority of the user base.

Martin...
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/