lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20050321175453.060b8053.infamous41md@hotpop.com> Date: Mon, 21 Mar 2005 17:54:53 -0500 From: sean <infamous41md@...pop.com> To: bugtraq@...urityfocus.com Subject: Re: [VulnWatch] Details of Sybase ASE bugs withheld On Mon, 21 Mar 2005 21:50:22 -0000 "David Litchfield" <davidl@...software.com> wrote: > Hey Halvar, > > am I understanding this correctly ? Sybase is threatening "something" > > so that the technical details of the vulnerability are kept secret > > indefinitely ? > > Yes - you understand correctly. Needless to say I hope all of this can be > resolved amicably; and the details will be published. > > > > > This is a rather curious development. Are the pre/post patch versions > > freely downloadable ? > > To be honest, I don't know, but if the patch is freely downloadable, let's > face it, the "details" are there to anyone with a disassembler, anyway. This > kind of legal threat achieves nothing other than to make legit researchers > fearful about being sued if they find and publish security issues - even if > they do so in a responsible manner. In such a climate security research will > be driven underground - which is where the "good guys" really don't want it > to be. > > > Cheers, > David Litchfield > Research Scientist > NGSSoftware Ltd > http://www.ngssoftware.com/ > > Pardon my ignorance, but on what legal grounds can they do anything if you tell them f' off and release anyway? This is absolute insanity. Who do they think they are? They don't own your intellectual property. I'd call their bluff if I were you, but then again I'm not ;) -- [ sean ]
Powered by blists - more mailing lists