Open Source and information security mailing list archives
 
Message-ID: <20050321175453.060b8053.infamous41md@hotpop.com>
Date: Mon, 21 Mar 2005 17:54:53 -0500
From: sean <infamous41md@...pop.com>
To: bugtraq@...urityfocus.com
Subject: Re: [VulnWatch] Details of Sybase ASE bugs withheld


On Mon, 21 Mar 2005 21:50:22 -0000
"David Litchfield" <davidl@...software.com> wrote:

> Hey Halvar,
> > am I understanding this correctly ? Sybase is threatening "something"
> > so that the technical details of the vulnerability are kept secret
> > indefinitely ?
> 
> Yes - you understand correctly. Needless to say I hope all of this can be 
> resolved amicably; and the details will be published.
> 
> >
> > This is a rather curious development. Are the pre/post patch versions
> > freely downloadable ?
> 
> To be honest, I don't know, but if the patch is freely downloadable, let's 
> face it, the "details" are there to anyone with a disassembler, anyway. This 
> kind of legal threat achieves nothing other than to make legit researchers 
> fearful about being sued if they find and publish security issues - even if 
> they do so in a responsible manner. In such a climate security research will 
> be driven underground - which is where the "good guys" really don't want it 
> to be.
> 
> 
> Cheers,
> David Litchfield
> Research Scientist
> NGSSoftware Ltd
> http://www.ngssoftware.com/
> 
> 

Pardon my ignorance, but on what legal grounds can they do anything if you tell
them f' off and release anyway?  This is absolute insanity.  Who do they think
they are?  They don't own your intellectual property.  I'd call their bluff if I
were you, but then again I'm not ;)

-- 
[ sean ]


