Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

openssl exploit code

From: Weimer () CERT Uni-Stuttgart DE (Florian Weimer)
Date: Tue, 17 Sep 2002 17:22:06 +0200
hellNbak <hellnbak () nmrc org> writes:


Source?  URL?  Article?  I personally would be very surprised if this
happened.  But stranger things have happened.


I've got the following quote from Computerzeitung, but no direct URL:

| Bugtraq wird den Industrienormen für Security-Veröffentlichungen
| folgen, wie es das heute bereits tut. Es gibt immer Verzögerungen,
| sogar bei Bugtraq: Die Sicherheitslücke muss verifiziert und der
| Hersteller alarmiert werden. Typischerweise räumt man ihm immer eine
| Gefälligkeitszeit ein, um einen Patch zu entwickeln. Diesen Standard
| werden wir beibehalten.

John Schwarz, Chief Operating Office, Symantec.

Approximate translation:

Bugtraq will follow the industry norms for security disclosures, like
it does now.  There are always delays, even with Bugtraq: A security
vulnerability has to be verified, and the vendor has to be alarmed.
Typically, the vendor gets a grace period to develop a patch.  We will
keep this standard.

(Sorry, English isn't my native tongue.)

-- 
Florian Weimer                    Weimer () CERT Uni-Stuttgart DE
University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT                          fax +49-711-685-5898
Previous By Date Next
Previous By Thread Next

Current thread: