From: lorenzo (lorenzodigitalmind.it)
Date: Wed May 08 2002 - 13:01:16 CDT

    I agree with the fact that on those mailing lists there is a full
    disclosure of vulnerabilities; but let us not forget that there is
    usually a period of time left to the vendors to fix them.

    So, why not allow a period of time after which the logs will be made
    public?

    The question is: can the owner of the machine be contacted?
    If yes, then allow him 2 weeks.
    If not, let's say 3 weeks.

    I'm saying '3 weeks' because sometimes people don't want to leave
    contact information, or their contact e-mails are too spammed - so it's
    not necessarily their fault if they cannot be contacted.
    But after 3 weeks I assume that every script kiddie in the world will
    have the machine's address, so publishing it won't affect the
    bandwidth too much.

    Opinions?

    -- 
    

    lorenzo lorenzodigitalmind.it