| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <200208030008.g7308FV05772@mailserver2.hushmail.com> From: choose.a.username at hushmail.com (choose.a.username@...hmail.com) Subject: Re: it\'s all about timing -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >You speak of "harnessing" vulnerability researchers. A number of >people have said that the current RVDP draft asks too much of >researchers, including Georgi Guninski and Rain Forest Puppy (and some >vendors). That feedback will be taken into account in the next Harnessing in a "P2V" effort. Collecting the data from bug finders, bug hunters, neatly packaging it to suit the vendor, then releasing so that what the vendor ultimately has is a nice free outsourced quality control mechanism. Standardised the process and vendors may as well do away with ever really coding cleanly. Why, because there is a reporting standard that everyone must adhere to which will very neatly cost them nothing, and ultimately achieve the same results. Certainly some immense monatery value in such a favourable network down the road. -----BEGIN PGP SIGNATURE----- Version: Hush 2.1 Note: This signature can be verified at https://www.hushtools.com wmYEARECACYFAj1LHdUfHGNob29zZS5hLnVzZXJuYW1lQGh1c2htYWlsLmNvbQAKCRDT 5JkCl0iMkDfJAJ9K3jwmnmns6WVz00azWhozxXiYZwCeJb4/L42/G2GpZxzorUQHCOoq BVQ= =tc5z -----END PGP SIGNATURE----- Communicate in total privacy. Get your free encrypted email at https://www.hushmail.com/?l=2 Looking for a good deal on a domain name? http://www.hush.com/partners/offers.cgi?id=domainpeople
Powered by blists - more mailing lists