lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <87vg54fxpd.fsf@Login.CERT.Uni-Stuttgart.DE>
From: Weimer at CERT.Uni-Stuttgart.DE (Florian Weimer)
Subject: openssl exploit code

hellNbak <hellnbak@...c.org> writes:

> Source?  URL?  Article?  I personally would be very surprised if this
> happened.  But stranger things have happened.

I've got the following quote from Computerzeitung, but no direct URL:

| Bugtraq wird den Industrienormen f?r Security-Ver?ffentlichungen
| folgen, wie es das heute bereits tut. Es gibt immer Verz?gerungen,
| sogar bei Bugtraq: Die Sicherheitsl?cke muss verifiziert und der
| Hersteller alarmiert werden. Typischerweise r?umt man ihm immer eine
| Gef?lligkeitszeit ein, um einen Patch zu entwickeln. Diesen Standard
| werden wir beibehalten.

John Schwarz, Chief Operating Office, Symantec.

Approximate translation:

Bugtraq will follow the industry norms for security disclosures, like
it does now.  There are always delays, even with Bugtraq: A security
vulnerability has to be verified, and the vendor has to be alarmed.
Typically, the vendor gets a grace period to develop a patch.  We will
keep this standard.

(Sorry, English isn't my native tongue.)

-- 
Florian Weimer 	                  Weimer@...T.Uni-Stuttgart.DE
University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT                          fax +49-711-685-5898

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ