Bugtraq mailing list archives

Re: Pro Disclosure (was Re: UnixWare)


From: bet () std sbi com (Bennett Todd)
Date: Sat, 30 Apr 1994 04:36:44 -0400 (EDT)


Paul A Vixie writes:
Generally what happens is:

      a bad guy finds a hole
      lots of bad guys use the hole
      ...

I agree with your timeline. Unfortunately, I'm not interested in it after
step 2. When lots of people are exploiting a hole, I want the details of
that hole made widely available --- I want several orders of magnitude more
people able to work on fixes and workarounds.

Happily, many other people seem to agree; I'm optimistic that the typical
time between bug discovery and widespread bug fixing may drop from years to
months. Maybe even, with work, to weeks. Once lots of people are exploiting
the bug, I think keeping it out of system administrators' hands changes from
well-intentioned foolishness to seriously irresponsible, destructive
behavior.

This, as best I recall, is why the bugtraq list was started.

-Bennett
bet () sbi com


