| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <91746143E3B6E9469DBBFF9228B5FDDC9730@srv2kw3exchng.entrenchtech.com> From: steve at entrenchtech.com (Steve Manzuik) Subject: HP Full Disclosure Story How can you argue that? If there was a standard disclosure procedure that the majority of researchers and vendors agreed to something like this would either a.) never happen or b.) get thrown out of court in a massive PR nightmare for the vendor invovled. Right now, with no formal process that vendors in general adhere to HP can make a case of it. If a process was in place we would have real world precedence and a proven best practice -- meaning HP would lose in court and the door for EVERYONE to start suing vendors would start to open. -----Original Message----- From: Georgi Guninski [mailto:guninski@...inski.com] Sent: Fri 8/23/2002 11:24 AM To: full-disclosure@...ts.netsys.com Cc: Subject: Re: [Full-Disclosure] HP Full Disclosure Story This clearly illustrates why the responsibility RFC is a really evil thing. They are using funny arguments, but consider what threats they shall make if they have a RFC at hand. Georgi Guninski http://www.guninski.com Tamer Sahin wrote: > Hello Folks, > > In January, have found a security hole in HP AdvanceStack switches. This > vulnerability affected 8 different swicth models. There had been an > interesting mail traffic between HP Security Response Team and me. I compiled > it from my mail archive lastly and I thought that it would take your > attention. > > Best Regards; > > Tamer Sahin > http://www.securityoffice.net
Powered by blists - more mailing lists