Bugtraq mailing list archives
Re: DJB's students release 44 *nix software vulnerability advisories
From: "D. J. Bernstein" <djb () cr yp to>
Date: 18 Dec 2004 04:25:11 -0000
Shu T. Messenger writes:
In each case, Professor Bernstein notified the author of the vulnerable package on Dec 15 via e-mail. This mail hit Bugtraq on the 16th, giving one day for vendors to provide fixes.
Actually, I sent all of these notifications to the public securesoftware mailing list (http://securesoftware.list.cr.yp.to) at the same time that I sent them to the authors. It certainly wasn't my intention to give the authors an extra day of self-delusion.
Is the class on responsible disclosure next semester perhaps?
If you had bothered to look at the slides on the course web page, you would have seen a half day dedicated to the topic, plus some examples on subsequent days of how people react to full disclosure when they're trying to protect their shoddy security practices. The reason that the 16 students sent their 91 reports to me privately is so that they wouldn't have to deal with people like you. It was entirely my decision to send out these 44 public notices. ---D. J. Bernstein, Associate Professor, Department of Mathematics, Statistics, and Computer Science, University of Illinois at Chicago
Current thread:
- DJB's students release 44 *nix software vulnerability advisories Thor Larholm (Dec 16)
- Re: DJB's students release 44 *nix software vulnerability advisories Crispin Cowan (Dec 17)
- Re: DJB's students release 44 *nix software vulnerability advisories cees-bart (Dec 17)
- Re: DJB's students release 44 *nix software vulnerability advisories Marcin Owsiany (Dec 20)
- Re: DJB's students release 44 *nix software vulnerability advisories security curmudgeon (Dec 17)
- Re: DJB's students release 44 *nix software vulnerability advisories Julian T J Midgley (Dec 20)
- <Possible follow-ups>
- Re: DJB's students release 44 *nix software vulnerability advisories D. J. Bernstein (Dec 19)
- Re: DJB's students release 44 *nix software vulnerability advisories Artem Chuprina (Dec 21)
- Re: DJB's students release 44 *nix software vulnerability advisories Stephen Samuel (Dec 21)
- Re: DJB's students release 44 *nix software vulnerability advisories D. J. Bernstein (Dec 22)
- Re: DJB's students release 44 *nix software vulnerability advisories David Eisner (Dec 22)
- Re: DJB's students release 44 *nix software vulnerability advisories Crispin Cowan (Dec 22)
- Re: DJB's students release 44 *nix software vulnerability advisories D. J. Bernstein (Dec 23)
- Re: DJB's students release 44 *nix software vulnerability advisories Crispin Cowan (Dec 24)
- Message not available
- Re: DJB's students release 44 *nix software vulnerability advisories Crispin Cowan (Dec 23)
- Re: DJB's students release 44 *nix software vulnerability advisories milw0rm Inc. (Dec 21)