From: zen-parse at (zen-parse)
Subject: re: is not

Florian Weimer Weimer@...T.Uni-Stuttgart.DE wrote:

> However, it's highly surprising that the Apache developers call the
> iDefense approach "reasonable disclosure".  Is it reasonable to
> disclose critical information on new security vulnerabilities to
> potential but paying blackhats *on* *the* *same* *day* *the* *vendors*
> *are* *notified*?

In the case of the Apache shared memory ownership, I mentioned the issues
initially in an email sent Sun, 11 Nov 2001 to the Apache security
address, and there was some general discussion, but nothing came of it.

In general, however, I think that any approach that gets the information
known is useful. There are definitely many approaches, but any that allows
an issue to be disclosed is at least partially good.

-- zen-parse

1) If this message was posted to a public forum by, it 
may be redistributed without modification. 
2) In any other case the contents of this message is confidential and not 
to be distributed in any form without express permission from the author.
