| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 26 Feb 2009 18:09:30 +0100 From: Thierry Zoller <Thierry@...ler.lu> To: Michael Krymson <krymson@...il.com> Cc: full-disclosure <full-disclosure@...ts.grok.org.uk> Subject: Re: Apple Safari ... DoS Vulnerability Dear Michael, I understand your point, however consider that your examples are showing the different *impacts* of a DoS condition. A bug becomes a security problem once it violates at least one of the three letters C or I or A. That's the point. The impact and risk assesement is to be done later on and can only be done partialy by a vendor since the use of the affected products sometimes heavily depends on the implementation or use case. MK> I would suggest that DoS conditions are not a priori security issues, but it MK> certainly depends on the context and whether security has or could have an MK> *interest* in them. This is not to be measured or estimated completely by a vendor but the client/user/integrator of said products in their specific enviroment and use and abuse cases. For example Internet Kiosk vendors. -- http://secdev.zoller.lu Thierry Zoller _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists