Dailydave mailing list archives

Re: Half Disclosure


From: <halvar () gmx de>
Date: Wed, 3 Nov 2004 09:34:51 -0800

Hey all,

(http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci1014528,00.html)

I take the liberty of not commenting on this article and just smile.

http://www.securityfocus.com/archive/1/380152/2004-10-31/2004-11-06/0

We all know that once the buggy and the nonbuggy application are public, odds are
the bug is public.

Is this really the path we want to take?

Honestly, I think a mailing list where advisories with targets but no details are posted would be hilarious, and so would be a mailing list with exploits minus targets. Alternatively, I kinda like the idea of a mailing list where one can post hashes of text files explaining a vulnerability. Once the vulnerability is discovered elsewhere (or just fixed accidentally), the full text can be posted. This would allow for some very interesting estimates on how long bugs are known before they get fixed, without actually disseminating the bugs.

Cheers,
Halvar
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave
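
The hash-posting idea from the message above, sketched as an added example that is not part of the original post: a commit-and-reveal check plus the "how long was it known" measurement. SHA-256, the random nonce, the function names, the advisory text and the dates are all assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets
from datetime import date

NONCE_LEN = 32  # fixed length keeps nonce || advisory unambiguous


def commit(advisory: bytes) -> tuple[str, bytes]:
    """Return (digest to post publicly, nonce to keep private)."""
    # The nonce goes beyond the plain hash the post describes: without it,
    # anyone could confirm a guessed advisory by hashing candidate texts.
    nonce = secrets.token_bytes(NONCE_LEN)
    digest = hashlib.sha256(nonce + advisory).hexdigest()
    return digest, nonce


def verify(digest: str, nonce: bytes, advisory: bytes) -> bool:
    """Check a revealed advisory and nonce against the posted digest."""
    if len(nonce) != NONCE_LEN:
        return False
    candidate = hashlib.sha256(nonce + advisory).hexdigest()
    return hmac.compare_digest(candidate, digest)


def days_known(posted: date, revealed: date) -> int:
    """Lower bound on how long the bug was known before it became public."""
    return (revealed - posted).days


# Constructed sample input: placeholder advisory text and made-up dates.
ADVISORY = b"Placeholder advisory: component X mishandles input Y.\n"
POSTED = date(2004, 11, 3)
REVEALED = date(2005, 2, 1)

if __name__ == "__main__":
    digest, nonce = commit(ADVISORY)
    print("posted to the list:", digest)
    print("reveal verifies:   ", verify(digest, nonce, ADVISORY))
    print("edited text passes:", verify(digest, nonce, ADVISORY + b"later edit"))
    print("days known:        ", days_known(POSTED, REVEALED))
```

The digest only proves the text existed by the time the list archived it, so the archive's own timestamp is what anchors the estimate.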

