Dailydave mailing list archives

Re: The Week of Oracle Database Bugs


From: Joanna Rutkowska <joanna () invisiblethings org>
Date: Wed, 22 Nov 2006 22:35:45 +0100

dan () geer org wrote:
> Joel Eriksson writes:
>  |
>  | Vulnerabilities are often known and (ab)used long before they
>  | are publicly known. It's the existence of a security bug that
>  | is the real danger, not whether the bug is known by the public
>  | at large, by a small group or by no one (so far). Actually, the
>  | bug can do far more damage during the time it's known only by
>  | a few.
>  |
>
> I will assume, then, that you agree the conservative
> position for the researcher to take is that any vuln
> s/he discovers is always a re-discovery, that no one
> here ever discovers anything truly new?


Please note, Dan, that Joel used the word 'often', while you said
'always'. Also, it's not the problem of who discovers the bug first, but
rather that it's very unlikely that a particular bug (or a security
problem in general) will never be discovered (abused) by anybody else...
It's a big planet (at least very crowded) ;)

joanna. (who couldn't believe her own eyes when she saw Dino's talk
description at the Black Hat USA website ;))