Message-ID: <20020711120054.E1270@techmonkeys.org>
From: poptix at techmonkeys.org (Matthew S. Hallacy)
Subject: Re: Announcing new security mailing list
On Thu, Jul 11, 2002 at 09:04:21AM -0700, Blue Boar wrote:
> There is no Bugtraq "scheme". The Bugtraq moderator does not hold any
> posts. The poster gets to decide when his information is released. The
> people who post to Bugtraq are just as able to blindside a vendor as on any
> other mailing list.
>
> The closest thing to what you describe that is offered by SecurityFocus is
> the vulnhelp service. This is a way for someone who finds a bug to
> voluntarily dump the hassle of dealing with notifying the vendor and
> waiting onto the SecurityFocus staff. Someone who uses vulnhelp still
> wants to give the vendor advanced notice, they just don't want to do it
> themselves. If they don't want the vendor to have any warning, they just
> post to Bugtraq.
>
> BB
I disagree, I think my DOCSIS vulnerability posting is a good example of
something that should have gone out immediately, but was /never/ posted.
(I ended up taking it to another list.)
It was valid, the vendors knew, but it was withheld because you deemed it
'malicious'.
--
Matthew S. Hallacy FUBAR, LART, BOFH Certified
http://www.poptix.net GPG public key 0x01938203