Full Disclosure mailing list archives
openssl exploit code
From: ib () clusterfsck net (Isaak Bloodlore)
Date: Tue, 17 Sep 2002 09:50:07 -0700
Quoting Florian Weimer (Weimer () CERT Uni-Stuttgart DE):
Bugtraq will follow the industry norms for security disclosures, like it does now. There are always delays, even with Bugtraq: A security vulnerability has to be verified, and the vendor has to be alarmed. Typically, the vendor gets a grace period to develop a patch. We will keep this standard.
So, here's the three price winning questions: for $250,000: Was the person giving this interview talking out of his or her behind? I.e. some misled M$-humping marketdroid? for $500,000: What's the industry norm, Symantec's talking about? Unless I missed something, M$ for example is _not_ the industry. for $1,000,0000: If a poster elects to give a vendor this grace period himself, e.g. notifies the vendor, waits the standard seven days for responses, will Symantec publish advisories and proof-of-concept code right away? Will there be differences between, say, Microsoft and the Apache consortium in how long this "grace period" is? And lastly, is Bugtraq bound to the same restrictions and regulations, Symantec in general as a member of the Microsoft Security Suppression Cabal is? -- me -- a=[8,16,20,29,78,65,2,14,26,12,12,28,71,114,12,13,12,82,72,21,17,4,10,2,95] a.each_with_index{|x,i| $><<(x^'Begin landing your troops'[i]).chr}
Current thread:
- openssl exploit code Solar Eclipse (Sep 16)
- openssl exploit code hellNbak (Sep 16)
- openssl exploit code Solar Eclipse (Sep 16)
- openssl exploit code hellNbak (Sep 16)
- openssl exploit code Solar Eclipse (Sep 16)
- openssl exploit code Blue Boar (Sep 16)
- openssl exploit code Florian Weimer (Sep 17)
- openssl exploit code hellNbak (Sep 17)
- openssl exploit code Florian Weimer (Sep 17)
- openssl exploit code Isaak Bloodlore (Sep 17)
- openssl exploit code Ken Pfeil (Sep 17)
- openssl exploit code Solar Eclipse (Sep 16)
- openssl exploit code Jonathan Rickman (Sep 17)
- openssl exploit code hellNbak (Sep 17)
- openssl exploit code Georgi Guninski (Sep 17)
- openssl exploit code hellNbak (Sep 16)
- openssl exploit code Isaak Bloodlore (Sep 17)
- openssl exploit code hellNbak (Sep 16)
- <Possible follow-ups>
- openssl exploit code Arjen De Landgraaf (Sep 16)
- openssl exploit code Arjen De Landgraaf (Sep 17)