| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 8 Jul 2012 14:07:52 +0200 From: "Stefan Kanthak" <stefan.kanthak@...go.de> To: <full-disclosure@...ts.grok.org.uk> Subject: Re: How much time is appropriate for fixing a bug? "Thor (Hammer of God)" <thor@...merofgod.com> wrote: | Content-Type: multipart/mixed; boundary="===============0734760750==" Please stop posting anything but text/plain. > If you really care about the security of the industry, then submit it and > be done with it. If and when they fix it is up to them. OUCH!? The "industry" will (typically) not fix any error if the cost for fixing exceeds the loss (or revenue) that this fix creates, including the vendors gain/loss of reputation, gain/loss of stock value, loss of money in court cases or due to compensations, loss of (future) sales due to (dis-)satisfied customers, ... Joe Average can't tell the difference between a program which is designed, developed, built and maintained according to the state of the art, and some piece of crap that is not. He but only sees the (nice or promising) GUI of the product and it's price tag. Stefan Kanthak _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists