Message-ID: <005c01c52e5f$fbae6b90$2100a8c0@ngssoftware.com>
Date: Mon, 21 Mar 2005 21:50:22 -0000
From: "David Litchfield" <davidl@...software.com>
To: "Halvar Flake" <HalVar@....de>, "NGSSoftware Insight Security Research" <nisr@...tgenss.com>
Cc: <bugtraq@...urityfocus.com>, <ntbugtraq@...tserv.ntbugtraq.com>, <vulnwatch@...nwatch.org>
Subject: Re: [VulnWatch] Details of Sybase ASE bugs withheld

Hey Halvar,

> am I understanding this correctly ? Sybase is threatening "something"
> so that the technical details of the vulnerability are kept secret
> indefinitely ?

Yes - you understand correctly. Needless to say I hope all of this can be
resolved amicably; and the details will be published.

>
> This is a rather curious development. Are the pre/post patch versions
> freely downloadable ?

To be honest, I don't know, but if the patch is freely downloadable, let's
face it, the "details" are there to anyone with a disassembler, anyway. This
kind of legal threat achieves nothing other than to make legit researchers
fearful about being sued if they find and publish security issues - even if
they do so in a responsible manner. In such a climate security research will
be driven underground - which is where the "good guys" really don't want it
to be.

Cheers,
David Litchfield
Research Scientist
NGSSoftware Ltd
http://www.ngssoftware.com/