Full Disclosure mailing list archives

HP Full Disclosure Story


From: full-disclosure () lists netsys com (Steve Manzuik)
Date: Fri, 23 Aug 2002 11:21:14 -0600

How can you argue that?  If there was a standard disclosure procedure that the majority of researchers and vendors 
agreed to, something like this would either a.) never happen or b.) get thrown out of court in a massive PR nightmare 
for the vendor involved.
 
Right now, with no formal process that vendors in general adhere to, HP can make a case of it.  If a process was in 
place we would have real world precedence and a proven best practice -- meaning HP would lose in court and the door for 
EVERYONE to start suing vendors would start to open.

        -----Original Message----- 
        From: Georgi Guninski [mailto:guninski () guninski com] 
        Sent: Fri 8/23/2002 11:24 AM 
        To: full-disclosure () lists netsys com 
        Cc: 
        Subject: Re: [Full-disclosure] HP Full Disclosure Story
        
        
        This clearly illustrates why the responsibility RFC is a really evil thing.
        
        They are using funny arguments, but consider what threats they shall make if
        they have an RFC at hand.
        
        Georgi Guninski
        http://www.guninski.com
        
        Tamer Sahin wrote:
        > Hello Folks,
        > 
        > In January, have found a security hole in HP AdvanceStack switches. This
        > vulnerability affected 8 different switch models. There had been an
        > interesting mail traffic between HP Security Response Team and me. I compiled
        > it from my mail archive lastly and I thought that it would take your
        > attention.
        > 
        > Best Regards;
        > 
        > Tamer Sahin
        > http://www.securityoffice.net
        


