Full Disclosure mailing list archives
RE: RE : [Secure Network Operations, Inc.] FullDisclosure != Exploit Release
From: "Geo" <geoincidents () getinfo org>
Date: Wed, 29 Jan 2003 16:10:01 -0500
- Customers can test for themselves whether a patch works or was applied correctly.
I think this is a very important point. Customers need to be able to test to see if applying a second, later patch has made them vulnerable to an earlier patched exploit. An example with this worm was where a later patch once again left you vulnerable. How are we to know if we don't have something to test with? We obviously can't trust the vendors, and with the range of different configurations of machines I'm not even sure that's a reasonable requirement of a vendor to test every possible combination. We have beta testers for software, how can we put patch code thru the same sort of tests if we have nothing to test with to see if it's actually patched the systems we run? We may not need code to exploit, but what about code to prove we are patched? Geo. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: RE : [Secure Network Operations, Inc.] Full Disclosure != Exploit Release, (continued)
- Re: RE : [Secure Network Operations, Inc.] Full Disclosure != Exploit Release Strategic Reconnaissance Team (Jan 29)
- Re: RE : [Secure Network Operations, Inc.] Full Disclosure != Exploit Release Blue Boar (Jan 29)
- RE: [Secure Network Operations, Inc.] Full Disclosure != Exploit Release Richard M. Smith (Jan 29)
- RE: [Secure Network Operations, Inc.] Full Disclosure != Exploit Release Day Jay (Jan 29)
- RE: [Secure Network Operations, Inc.] Full Disclosure != Exploit Release Richard M. Smith (Jan 29)
- [Secure Network Operations, Inc.] Full Disclosure Conclusion? ATD (Jan 29)
- Re: [Secure Network Operations, Inc.] Full Disclosure Conclusion? yossarian (Jan 29)
- RE: [Secure Network Operations, Inc.] Full Disclosure != Exploit Release hellNbak (Jan 29)
- Re: [Secure Network Operations, Inc.] Full Disclosure != Exploit Release Blue Boar (Jan 29)
- Re: [Secure Network Operations, Inc.] Full Disclosure != Exploit Release Rick Updegrove (security) (Jan 29)
- RE: RE : [Secure Network Operations, Inc.] FullDisclosure != Exploit Release Geo (Jan 29)
- RE: RE : [Secure Network Operations, Inc.] FullDisclosure != Exploit Release Strategic Reconnaissance Team (Jan 29)
- Re: Full Disclosure != Exploit Release Paul Schmehl (Jan 29)
- Re: Re: Full Disclosure != Exploit Release hellNbak (Jan 29)
- RE: Re: Full Disclosure != Exploit Release Richard M. Smith (Jan 29)
- Re: Re: Full Disclosure != Exploit Release Georgi Guninski (Jan 29)
- Re: Re: Full Disclosure != Exploit Release KF (Jan 29)
- Re: Re: Full Disclosure != Exploit Release Blue Boar (Jan 29)