| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <F54XUkzni5rWqBsJFHO0000d7b3@hotmail.com> From: defender242 at hotmail.com (Defender Defender) Subject: Re: HP Full Disclosure Story >Just take a look at real world. >When you buy a beer or a car and then find a bug in it, you may disclose >the bug as you wish. (As bonus, both beer and cars come with > warranties, >unlike warez). > - We dont talk of simple bugs here. We talk of vulnerabilities. - Up to the client to select vendors that provide warranty. Free market. >So what makes beer and cars so different than warez? Not much different. The difference lies in simple bug (that sometimes compromise the very functionality of the software), and vulnerability (rarely compromises functionality, but could become risk under presence of someone capable of exploiting it). > >Or are you suggesting that if someone gets poisoned by a single buggy beer, >they keep quiet for thirty days so the beer maker fix the bug silently? In this case, the threat arises from the very act of drinking the beer. There is no relation between the disclosure and the threat. Again, we dont talk of the same problem. But I believe you know that (guess you are a brillant person), you just lack the honesty of presenting a valid analogy that could make you loose the argumentation... _________________________________________________________________ Join the world’s largest e-mail service with MSN Hotmail. http://www.hotmail.com
Powered by blists - more mailing lists