Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: no more public exploits

From: "Felipe Cerqueira - skylazart" <skylazart () core cx>
Date: Wed, 28 Apr 2004 09:33:33 -0300 (BRT)
I Agree!!!!

And, if you want check service packs or patchs, all you need is try to
crash it...

Security companies are getting too much money with our "toys".




Heres my two cents :-/

Exploit code is better kept private.
Advisories should be public.

Why?

Because exploit code is not easy to write depending on the bug. And I
for one sure dont want some 'penetration tester' taking my code and
plugging it into his automated scanner and collecting the cash. Im far
to greedy to watch that happen. Sorry.

NON-Disclosure of Exploit code.
Full-Disclosure of Advisories.

As far as the discussion of sysadmins patching on time or not. All I
will say is this . . .  if they did patch on time there wouldnt be a
www.zone-h.org.

- borg (ChrisR-)


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html




- skylazart [at] core.cx

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: