Full Disclosure mailing list archives
Re: "responsible disclosure" explanation (an
From: bugtraq () cgisecurity net
Date: Wed, 10 Aug 2005 11:13:56 -0400 (EDT)
iss forgot it's handling of the apache chunk bug: http://www.derkeiler.com/Mailing-Lists/ISS/2002-06/0009.html quote: ------ ISS X-Force deals with all vendors on a case-by-case basis to provide maximum protection for **our customers** and the community. ------
Last I checked Gobbles found this exploit and ISS simply reported it being exploited in the wild. Of course they are going to alert their *paying customers* before alerting the public mailing lists. - zeno http://www.cgisecurity.com
-- where do you want bill gates to go today? On Tue, Aug 09, 2005 at 07:04:23PM -0400, Ingevaldson, Dan (ISS Atlanta) wrote:Just in case anyone is interested, the ISS Vulnerability Disclosure Guidelines were made public a couple years ago, and last revised on July 15, 2004. The document is available here:_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- RE: "responsible disclosure" explanation (an exampleof the fallacy of idealistic thought) Ingevaldson, Dan (ISS Atlanta) (Aug 09)
- Re: "responsible disclosure" explanation (an exampleof the fallacy of idealistic thought) Georgi Guninski (Aug 09)
- Re: "responsible disclosure" explanation (an bugtraq (Aug 10)
- Re: "responsible disclosure" explanation (an exampleof the fallacy of idealistic thought) Ken Pfeil (Aug 10)
- Re: "responsible disclosure" explanation (an exampleof the fallacy of idealistic thought) Georgi Guninski (Aug 09)