Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Joseph Pingenot (jap3003ksu.edu)
Date: Sun Feb 03 2002 - 20:06:48 CST
From Krish Ahya on Sunday, 03 February, 2002:
>I understand this, but thats all the more reason to not release an exploit.
>An advisory only would have better suited the situation, especially when the
>vendor won't fix the problem.
Maybe. If Vendor doesn't release Patch, IMHO, publicizing the hole
and then, maybe a while later, releasing the exploit is the proper
way to go. Be vocal about it and the reasons for posting it like that,
and people will migrate to a different (hey, Free Software guarantees
at least *someone* can make a patch, even if Vendor is too lazy)
software, since they now know that Vendor does not care about security.
-- Joseph======================================================jap3003ksu.edu "If you really want to toggle [Internet Explorer] into secure mode, you just need to click the little 'X" in the top right corner of the window." --User dsb3 on www.slashdot.org. [Use Mozilla! www.mozilla.org.]