Open Source and information security mailing list archives
Message-ID: <3D4EB608.5090301@guninski.com>
From: guninski at guninski.com (Georgi Guninski)
Subject: Re: Clarification on Xitami DoS

Steven M. Christey wrote:
> Muhammad Faisal Rauf Danka <mfrd@...itudex.com> asked:
>
> This thread is a good demonstration for why vendors need to be
> responsive to incoming vulnerability reports. Without a response from
> the vendor, we've now got a number of posts in which people have spent
> extra time to (a) try to figure out the underlying cause of the issue,
> (b) try to duplicate the issue, and (c) try to come up with a
> resolution in the absence of vendor guidance and/or a patch. Vendors
> often know the answers to these questions.
>
> Greater overall responsiveness by vendors is covered heavily by
> section 3 of the Responsible Vulnerability Disclosure Process draft
> [1]. Better responsiveness from vendors (and better coordination
> overall) can reduce much of this guesswork, so that sysadmins and
> security researchers can spend their time on more pressing issues.
>

In my opinion, bundling bad stuff and good stuff in one document does not make the whole document good.

When a vendor does not care about security, I simply stop using his product and don't expect an RFC to protect me and make the vendor a good guy.

Georgi Guninski