Bugtraq mailing list archives

Re: Vulnerabilities in some SCADA server softwares


From: Luigi Auriemma <aluigi () autistici org>
Date: Mon, 21 Mar 2011 20:02:31 +0000

> At what point in time did you try contacting any of the vendors for
> these issues?

The vendors of the affected software have not been contacted.


> How do you propose a manufacturer fix an issue?

In the security field a public vulnerability is a dead vulnerability;
anyone who has found and released at least one security bug in his life
knows it and knows to what I refer.

90% of the job of fixing a bug is just finding it first; I have even
shown the details, the causes and the ways to replicate them.


> Where in any of your advisories did you take the time to let a company
> know: "hey you guys have some potential issues, here they are!!!"

I have done it at the exact moment that I uploaded my advisories to
my website, making anyone aware of the problems, including the same
vendors that can now fix them.


--- 
Luigi Auriemma
http://aluigi.org

