lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <200208011657.g71GvbC24569@lart.sdsc.edu>
From: tep at SDSC.EDU (Tom Perrine)
Subject: Re: it's all about timing

>>>>> On Thu, 01 Aug 2002 16:03:33 +0300, Georgi Guninski <guninski@...inski.com> said:

    GG> What scares me is that the "Responsible Disclosure" FUD continues.
    GG> On bugtraq people write that CERT and SecurtyFocus are "established parties" and 
    GG> everyone who does not give them their 0days is irresponsible (at least CERT is 
    GG> known to sell 0days). I personally won't give them my 0days early.

I would like to see evidence that CERT "sells 0days".  Pretty
significant claim.  Although, I probably wouldn't disclose the actual
exploits to CERT, just to the vendor.

    GG> The "Responsible Disclosure" draft continues to get advertised, though it was 
    GG> not approved by IETF.

This is the problem.  IETF had a chance to put a stake in the ground,
and didn't.

-- 
Tom E. Perrine <tep@...C.EDU> | San Diego Supercomputer Center 
http://www.sdsc.edu/~tep/     |

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ