Secure Coding mailing list archives

On exploits, hubris, and software security


From: BlueBoar at thievco.com (Blue Boar)
Date: Fri, 03 Nov 2006 09:50:10 -0800

Gary McGraw wrote:
The main thing I wonder is, what do you think?  When you have a hot
demonstration of an exploit, how do you responsibly release it?  What
role do such demonstrations play in moving software security forward?

To pick one extreme, I believe there are times when intentionally 
blindsiding a vendor is appropriate:
http://ryanlrussell.blogspot.com/2006/11/you-want-mac-wireless-bugs.html

                                        BB

