Full Disclosure mailing list archives
Re: New Security web site: http://exploitwatch.org
From: Harlan Carvey <keydet89 () yahoo com>
Date: Fri, 6 Aug 2004 07:25:20 -0700 (PDT)
Thanks for the reply.
True, but as I said: "Some web-sites and mailing lists already provide this functionality, but we have found them way too slow to publish new updates as well as being incomplete."
Right, I caught that, too.
We focus on exploits only, and aim to increase awareness and publish information faster and more systematically than existing services do.
Faster is good. But how do you plan to address the issue of completeness? Also, since you're focusing only on exploits (and not the vulnerabilities that lead to the actual exploits), I'm really curious to see how you plan to address completeness in that sense. Specifically...if a vulnerability exists, it's clear that you're not going to address it until someone actually exploits it. Once the vulnerability gets exploited, from what you've said, you're going to "publish information faster"...but what information? In the vast majority of cases, when a company gets a vulnerability exploited, all we hear is that they were compromised, but not what vulnerability was actually exploited. Thanks. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- New Security web site: http://exploitwatch.org admin (Aug 06)
- Re: New Security web site: http://exploitwatch.org Harlan Carvey (Aug 06)
- Re: New Security web site: http://exploitwatch.org admin (Aug 06)
- Re: New Security web site: http://exploitwatch.org Harlan Carvey (Aug 06)
- Re: New Security web site: http://exploitwatch.org admin (Aug 06)
- Re: New Security web site: http://exploitwatch.org Harlan Carvey (Aug 06)