Security Basics mailing list archives
Re: Unresponsive Vendor
From: Matt Burnett <marukka () mac com>
Date: Fri, 21 Nov 2003 09:56:25 -0600
Thanks for everyone's 2 cents, I never expected such a large amount of replies. So let me try to reply to everyone in one email, sorry if I missed a question or comment, just throw something hard/heavy at me and I will address it. And to all the people who say 'don't consider this disrespectful', don't worry I haven't, you're entitled to your own opinion.

I have submitted this to the company in the manner their security hotline has requested. I did include the d0s code along with a statement saying that I would like to be kept in the loop and that I would release this in 2 weeks/when a patch is released, whichever comes first. I also stated that I would be willing to delay the release, and did provide my cell phone number.

Why 2 weeks, I must be a jackass!?! Well as I stated before, I've been laid off for 4.75 months now, and my cable company wants their money and is going to cut off my service soon. On top of that the Chicago job market isn't that great, and I don't know when I'll get another job so I can pay my ISP.

I am going to take everyone's advice and call them before release assuming they haven't released a patch yet, and ask for a status update. If they say soon then I'll delay release.

The product is semi open source (proprietary license) and I have considered releasing a patch. But upon inspection it appears that the source code they provide is different than what is actually in the product, I could be wrong, and I am still inspecting their code.

In response to everyone who has said that I should not expect credit. My opinion on this issue is that by discovering this bug and reporting it to them I am doing work for them. I'm not expecting a check but a full commercial license of the product would be nice, or at the very least they should give credit.