Full Disclosure mailing list archives
RE: Re: [WEB SECURITY] Cross Site Scripting in Google
From: Mike Duncan <security () randomtask net>
Date: Fri, 07 Jul 2006 10:41:57 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Martin O'Neal wrote:
I personally also believe in full disclosure, but it has to be delivered in a responsible fashion. Dispatching vulnerabilities to a public list without even attempting to contact the vendor is clearly not in the best interest of the vendors nor the great majority of the user base.
Actually, I think this is the point the author was trying to make. We should not be thinking about the interests of a company who has ignored issues in the past. The "great majority of the user base" will listen to the company -- not us -- anyways. They are not on this list(s) and thus will not see what we see. We are not making the Google website better here, rather we are trying to alert people of a possible issue with the website that they should be aware of and learn from this issue. The author did the right thing here by posting examples in the past of Google ignoring possible issues with their website. I think the author actually went above and beyond the "requirements" of the list(s) and its reader base as well. And the debate continues... Mike Duncan security () randomtask net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFErnK1OSRBehttuMoRAu2KAKDCWdH1z3RuZ4stX0PeQY5ely3KiQCfaR8b y4pY794d1xgNW6P1tsIdqtk= =a/SO -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- RE: Re: [WEB SECURITY] Cross Site Scripting in Google Martin O'Neal (Jul 06)
- Re: Re: [WEB SECURITY] Cross Site Scripting in Google ad () heapoverflow com (Jul 06)
- Re: Re: [WEB SECURITY] Cross Site Scripting in Google n3td3v (Jul 06)
- Re: Re: [WEB SECURITY] Cross Site Scripting in Google n3td3v (Jul 06)
- <Possible follow-ups>
- RE: Re: [WEB SECURITY] Cross Site Scripting in Google Mike Duncan (Jul 07)
- Re: Re: [WEB SECURITY] Cross Site Scripting in Google Peter Dawson (Jul 07)
- Re: Re: [WEB SECURITY] Cross Site Scripting in Google nocfed (Jul 07)
- RE: Re: [WEB SECURITY] Cross Site Scripting in Google tcp fin (Jul 11)
- RE: Re: [WEB SECURITY] Cross Site Scripting in Google PPowenski (Jul 11)
- Re: Re: [WEB SECURITY] Cross Site Scripting in Google ad () heapoverflow com (Jul 06)