Full Disclosure mailing list archives

Valid disclosure analogy


From: full-disclosure () lists netsys com (Defender Defender)
Date: Sat, 24 Aug 2002 22:36:05 +0000

Mr. Guninsky, you want real world? Here is real world...

You are client of 'bank A'. You find out about a way to break in 'bank A' in 
a quite complicated and tricky manner, but yet possible. You inform 'bank 
A', but no answer! What to do?

a) Don't do anything: all banks are vulnerable at some point. It's all
   a matter of risk, and keeping it secret is the best way to keep
   the risk at its lowest. Furthermore, the vulnerability does not
   compromise the quality of the service itself;

b) Your money is at risk: remove it from 'bank A', put it in 'bank B';

c) Break in 'bank A' and steal other people's money, get plane ticket
   for Bermuda;

d) The evil 'bank A' put people at risk. Regardless of fact that you
   are not the owner of the bank, nor that you represent the interest
   of each and every of its clients, take the initiative to inform the
   world of the vulnerability details, how to exploit it, and if
   possible, make a point-and-click robot that breaks into the bank
   and steal money for you, and give a free copy to everyone who wants
   one;

Yes, maybe you may see now, being the client of a vendor does not give you 
absolute right on the vendor nor its other clients. At very best, not happy 
about it? Switch vendor, and shut the fuck up.





