lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 28 Nov 2003 13:02:41 -0800
From: Eric Hines <eric.hines@...liedwatch.com>
To: research@...traq.org, bugtraq@...urityfocus.com
Cc: vuln-dev@...urityfocus.com, submissions@...ketstormsecurity.org,
	vulnwatch@...nwatch.org, vulndiscuss@...nwatch.org
Subject: Applied Watch Response to Bugtraq.org post - Was: Multiple Remote Issues in Applied Watch IDS Suite (advisory attached)


Applied Watch Technologies Official Vendor Response
Date: November 28, 2003

Lists:

Applied Watch Technologies embraces and fully supports the open-disclosure 
community. Further to that, we embrace responsible disclosure where vendors 
are given ample time to develop and release a patch in coordination with any 
posts made by the researchers to protect our customers. 

In this instance, Applied Watch Technologies, Inc. was not contacted by any 
Bugtraq.org (Gobbles) researchers in this advisory they released. Quoting a 
news report I was quoted in that had no affiliations with Applied Watch 
Technologies or its network from August of 2002 is not what I would call a 
reason for no vendor notification or lack there of from Bugtraq.org.

No vendor is immune to posts on Bugtraq. Flaws in code exist, we are very 
appreciative for any audits of our product that researchers do, however, in 
all fairness; the vendor should be given an opportunity to know about them so 
countermeasures can be put in place and made available. 

To this end, Applied Watch Technologies has made new versions available for 
all pilot evaluations in progress, as well as current customers. New versions 
of the Applied Watch Server (v1.4.5) can be downloaded from 
https://my.appliedwatch.com. It should be noted that Applied Watch responded 
with a fix within an hour of the Bugtraq post being made public.

Based on the Bugtraq.org advisory, Applied Watch understands their 
are "hundreds" of other vulnerabilities that have been found. We urge any 
researcher at Bugtraq.org to contact us at support@...liedwatch.com with 
details on these other suspected vulns before going public with them short of 
a patch provided by Applied Watch.

Anyone with questions or concerns can contact us toll free at: (877) 262-7593 
or support@...liedwatch.com


Regards,
Eric Hines
CEO, President
Applied Watch Technologies, Inc.



Powered by blists - more mailing lists