| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu Jun 30 19:58:58 2005 From: maddenj at skynet.ie (John Madden) Subject: Re: Publishing exploit code - what is it good for -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On (30/06/05 15:13), Aviram Jenik didst pronounce: > What I need is a security administrator, CSO, IT manager or sys admin > that can explain why they find public exploits are good for THEIR > organizations. Maybe we can start changing public opinion with regards > to full disclosure, and hopefully start with this opinion leader. > I sysadmin a small number of machines, mainly Debian based. When an exploit comes out, it's usually released as "version X is vulnerable". Debian's version numbers don't always directly match releases of the vulnerable software, so having exploit code available helps to verify whether or not the software is vulnerable, without having to wait for Debians advisory, which are usually released later than the vulnerability release. It's also very useful to decide whether you need to use a workaround (which may cause disruption or change to the service) or not. - -- Chat ya later, John. - -- BOFH excuse #1: clock speed -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFCxDkNQBw+ZtKOvTIRAt3oAJ9iaBMYQbS5P0j1K8Sv90L+j1cnggCbBSZ5 BHK6XUdm1pIwbJkblRVJ2sk= =kHrg -----END PGP SIGNATURE-----
Powered by blists - more mailing lists