Bugtraq mailing list archives
Re: Full Disclosure works, here's proof:
From: casper () fwi uva nl (Casper Dik)
Date: Fri, 02 Dec 1994 15:09:23 +0100
Besides Spaf's argument that full disclosure has no proof of being productive, I think almost everyone I talked with who works in security for their vendor agreed that they try to fix security holes as soon as possible, and ones that have been publicly disclosed, would take higher priority in the list of patches to create. Only a real bloated and beaucratic organization wouldn't make patches ASAP when customers are screaming for them. Anyways, it has been less than a week and here's SCO patches. If 8LGM had only reported the bugs to CERT and SCO, who knows how long would we have seen the patches?
So, tell me, where did the full disclosure take place? Apparently SCO feels that the discloure of the fact that there are bugs was enough to get them of their buts. So it seems that time-lapsed full disclosure does work. We have seen no such fixes with the first batch of immediate full-disclosure 8lgm reports. Casper
Current thread:
- Full Disclosure works, here's proof: Christopher Klaus (Nov 30)
- Re: Full Disclosure works, here's proof: Casper Dik (Dec 02)
- Re: Full Disclosure works, here's proof: Christopher Klaus (Dec 02)
- RE: Question... CUNNINGHAM () B PSC EDU (Dec 02)
- empty messages? Breakdown (Dec 02)
- Re: empty messages? Walker Aumann (Dec 02)
- /dev/tcp, and a LD_LIBRARY_PATH question. That Whispering Wolf... (Dec 02)
- Re: /dev/tcp, and a LD_LIBRARY_PATH question. anthony baxter (Dec 03)
- Re: /dev/tcp, and a LD_LIBRARY_PATH question. Robert M. Haas (Dec 03)
- full disclosure list clarification Pete Hartman (Dec 02)
- Re: Full Disclosure works, here's proof: Casper Dik (Dec 02)
- pt_chmod carson () lehman com (Dec 02)
- Re: pt_chmod Karl Strickland (Dec 02)