NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Vuln-Dev> 2002-q1

From: Joseph Pingenot (jap3003ksu.edu)
Date: Sun Feb 03 2002 - 20:06:48 CST

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From Krish Ahya on Sunday, 03 February, 2002:
>I understand this, but thats all the more reason to not release an exploit.
>An advisory only would have better suited the situation, especially when the
>vendor won't fix the problem.

Maybe. If Vendor doesn't release Patch, IMHO, publicizing the hole
  and then, maybe a while later, releasing the exploit is the proper
  way to go. Be vocal about it and the reasons for posting it like that,
  and people will migrate to a different (hey, Free Software guarantees
  at least *someone* can make a patch, even if Vendor is too lazy)
  software, since they now know that Vendor does not care about security.

--Joseph

-- 
Joseph======================================================jap3003ksu.edu
"If you really want to toggle [Internet Explorer] into secure mode, you
  just need to click the little 'X" in the top right corner of the window."
     --User dsb3 on www.slashdot.org.       [Use Mozilla! www.mozilla.org.]

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]