| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri Oct 7 18:28:28 2005 From: adesautels at comcast.net (Adriel Desautels) Subject: Websites vulnerabilities disclosure -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Greets, If the issue impacts a single person then why does the world need to know? In that case disclosure is pointless and damaging. If however the issue impacts many people some of which you don't know and have no way of contacting, then disclosure is a must as it will protect them in the long run. Don't get the arguments mixed up. Generally speaking, vulnerabilities almost never impact a single person, even web application vulnerabilities. - --> -----Original Message----- - --> From: full-disclosure-bounces@...ts.grok.org.uk - --> [mailto:full-disclosure-bounces@...ts.grok.org.uk] On - --> Behalf Of Valdis.Kletnieks@...edu - --> Sent: Friday, October 07, 2005 12:43 PM - --> To: Raghu Chinthoju - --> Cc: full-disclosure@...ts.grok.org.uk - --> Subject: Re: [Full-disclosure] Websites vulnerabilities disclosure - --> - --> On Fri, 07 Oct 2005 14:38:34 +0530, Raghu Chinthoju said: - --> > I say, "... hey listen! your house entrance door latch - --> isn't strong - --> > enough.. there are only 4 screws instead 16, which is the - --> practice.. - --> > you have a risk of some one easily barging into your - --> house ...". For - --> > some reason you don't respond.. I publish it in the local - --> news paper - --> > that ".. Mr. X's door latch is week and any one can break - --> it easily - --> > ..." Do you think it is ethical??? I seriously think not. - --> - --> The ethics change somewhat if instead of Mr. X, it's a - --> branch of a bank with many customers, or one of those - --> "You-Store-It" storage facilities, or if it's a medical - --> research lab that works with dangerous pathogens, or - --> anyplace else where it's more than just Mr. X's goods or - --> well-being that's endangered.... - --> - --> -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 Comment: http://www.secnetops.com iQA/AwUBQ0ar6ZNLRT/rHZe1EQLPOgCgvbcqJKz2WX3lpgJczOp3A0fy/QoAoMOe sHmZy9YJ8O2FBZoVmKXs5ay+ =aj61 -----END PGP SIGNATURE-----
Powered by blists - more mailing lists