Full Disclosure mailing list archives
Re: Vulnerability Disclosure Debate
From: "Geoincidents" <geoincidents () getinfo org>
Date: Thu, 7 Aug 2003 15:51:32 -0400
Nice stance, but complete off target. Currently, Microsoft releases the most detailed advisories, in a consistent format, with extensive information about possible workarounds etc.
Microsoft's initial notification for the dcom exploit suggested blocking port 135 as a possible workaround even though they were completely aware it was a dcom issue which was available via multiple ports. Only after details were released to the security community was it discovered this information was incorrect. I've seen countless times where the security community got details of a flaw and used that information to uncover further issues. It is unreasonable to expect whoever a vendor assigns to investigate a flaw is going to do as thorough a job as the entire security community will if given the details. Geo. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Vulnerability Disclosure Debate gridrun (Aug 07)
- Re: Vulnerability Disclosure Debate Joel R. Helgeson (Aug 07)
- Re: Vulnerability Disclosure Debate Florian Weimer (Aug 07)
- Re: Vulnerability Disclosure Debate Ben Laurie (Aug 13)
- Re: Vulnerability Disclosure Debate Jeremiah Cornelius (Aug 07)
- Re: Vulnerability Disclosure Debate Florian Weimer (Aug 07)
- Re: Vulnerability Disclosure Debate Georgi Guninski (Aug 07)
- Re: Vulnerability Disclosure Debate Geoincidents (Aug 07)
- Re: Vulnerability Disclosure Debate Cesar (Aug 07)
- Re: Vulnerability Disclosure Debate gregh (Aug 07)
- Re: Vulnerability Disclosure Debate Matthew Murphy (Aug 07)
- Re: Vulnerability Disclosure Debate Darren Bennett (Aug 07)
- Re: Vulnerability Disclosure Debate Matthew Murphy (Aug 07)
- RE: Vulnerability Disclosure Debate Jason Coombs (Aug 08)
- RE: Vulnerability Disclosure Debate Mike Fratto (Aug 08)
- RE: Vulnerability Disclosure Debate Jason Coombs (Aug 08)
- Re: Vulnerability Disclosure Debate Darren Bennett (Aug 07)
- Re: Vulnerability Disclosure Debate Joel R. Helgeson (Aug 07)
- Re: Vulnerability Disclosure Debate Valdis . Kletnieks (Aug 07)
- Re: Vulnerability Disclosure Debate Aron Nimzovitch (Aug 08)