Full Disclosure mailing list archives

Re: How much time is appropriate for fixing


From: Григорий Братислава <musntlive () gmail com>
Date: Wed, 11 Jul 2012 08:41:07 -0400

On Tue, Jul 10, 2012 at 5:48 PM, Gary E. Miller <gem () rellim com> wrote:


> Maybe, but my real world example shows your simplistic logic is wrong.


Is say who?


> Psych 101: Evil people have no shame.


And is you say my logic is wrong.

You: "If you become a whistleblower, you are evil for disclosing the
danger. How dare you post information on a vulnerability before
allowing the vendor to fix the issue. Lives are at stake, people are
in real danger!"

Is vendor have their act together, is problem never leave prior to
"test use cases" in Dev and Q&A. Where is responsibility of vendor
lie? Vendor is solely care to make money not is churn out fixes.

So according to is your logic:

MusntLive discover pedo, report pedo, authorities lallygag, MusntLive
publicize pedo info, MusntLive is evil.
MusntLive discover is Lockheed has glitch on plane cause pilot to
crash, MusntLive publish information so to for pilots can know,
MusntLive is evil for exposure.
MusntLive discover is flaw in mechanism that shut down power grid,
rush to warn people via full disclosure, MusntLive is evil.

Nice logic is there in your thinking. Perhaps maybe to if you are in Poland.

Is I discover flaw, what is make you think no one else is has discover
flaw. According to your is logic: "sit around and wait for the
responsible vendor to fix it. In the meantime worry little about the
dozens of other attackers that likely know about the flaw and are
actively exploiting it!" Nice logic Gary.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

