lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 10 Jun 2010 09:26:47 -0700 From: Susan Bradley <sbradcpa@...bell.net> To: Tavis Ormandy <taviso@...xchg8b.com> Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com Subject: Re: Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly You commented that Microsoft needs to address a communication problem. It's irrelevant to the full disclosure issue in my mind. I'd honestly like to know if there is a break down in communication at the MSRC that needs to be addressed. It appears there is one? Tavis Ormandy wrote: > Susan, this is what is called "full disclosure", and my response was > relevant. > > I will not answer anymore uninformed questions on this topic. > > Thanks, Tavis. > > On Thu, Jun 10, 2010 at 09:02:37AM -0700, Susan Bradley wrote: > >> I'm not asking about disclosure. I'm asking what happened to the level >> of communication between you and MSRC that after 4 days you posted this? >> >> Tavis Ormandy wrote: >> >>> Susan, I wish I had the time to hold your hand through getting up to >>> speed on the disclosure debate. Instead, I would suggest starting with >>> the links in my advisory which were intended to give you enough >>> background to understand the issues involved (skip to the Notes section, >>> if you like). >>> >>> As I cannot hope to speak as eloquently on the topic as Bruce, I will >>> not attempt to repeat them for you here. >>> >>> If after researching the topic you still have questions, please let me >>> know. >>> >>> Thanks, Tavis. >>> >>> On Thu, Jun 10, 2010 at 08:36:09AM -0700, Susan Bradley wrote: >>> >>> >>>> I'm not an enterprise customer, but I am a mouthy female. So here's my >>>> question back to you, for my education, how exactly did MSRC contact you >>>> back? >>>> >>>> Since June 5th have you tried emailing back or any of your contacts from >>>> past interactions and asked what was up? I'm disappointed in this lack >>>> of communication I see on both sides. You are ...well... Tavis >>>> Ormandy... I seriously doubt MSRC is blowing you off here. >>>> >>>> Keep in mind we just had a LARGE patch week to deal with. I don't know >>>> what was going on on their side, nor making excuses as I don't know what >>>> communication you've had in the past and had on this issue ... I'm just >>>> saying I would have spent a little more time getting mad at them and >>>> sent a lot more emails back to them before posting this. >>>> >>>> (And try dealing with Microsoft licensing sometime if you think security >>>> communication is lacking) >>>> >>>> >>>> >>> >>> > >
Powered by blists - more mailing lists