lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: Weimer at CERT.Uni-Stuttgart.DE (Florian Weimer) Subject: openssl exploit code hellNbak <hellnbak@...c.org> writes: > Source? URL? Article? I personally would be very surprised if this > happened. But stranger things have happened. I've got the following quote from Computerzeitung, but no direct URL: | Bugtraq wird den Industrienormen f?r Security-Ver?ffentlichungen | folgen, wie es das heute bereits tut. Es gibt immer Verz?gerungen, | sogar bei Bugtraq: Die Sicherheitsl?cke muss verifiziert und der | Hersteller alarmiert werden. Typischerweise r?umt man ihm immer eine | Gef?lligkeitszeit ein, um einen Patch zu entwickeln. Diesen Standard | werden wir beibehalten. John Schwarz, Chief Operating Office, Symantec. Approximate translation: Bugtraq will follow the industry norms for security disclosures, like it does now. There are always delays, even with Bugtraq: A security vulnerability has to be verified, and the vendor has to be alarmed. Typically, the vendor gets a grace period to develop a patch. We will keep this standard. (Sorry, English isn't my native tongue.) -- Florian Weimer Weimer@...T.Uni-Stuttgart.DE University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/ RUS-CERT fax +49-711-685-5898
Powered by blists - more mailing lists