lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <3E38685D.40600@thievco.com>
From: BlueBoar at thievco.com (Blue Boar)
Subject: Fw: Full Disclosure != Exploit Release - No
 disclosure No Fix

yossarian wrote:
> Why do I get the feeling that we are running around in circles on these
> lists? Discussion just don't get settled, and the more experienced people
> get tired, and just lurk or leave.

Because we are going in circles.  Much of the full disclosure debate is 
based on opinions, assumptions, or gut feeling.  It's an incredibly complex 
topic, and we don't have near enough information to "prove" anyone's 
position.  It comes up all the time because something happens that seems to 
lend weight to someone's side, or because some new form of pain occurs that 
makes people question whether it's worth it.

I don't mind participating in an intelligent debate on it from time to 
time, but don't expect anything to really be resolved.  The kinds of 
studies that need to be done in this area are few and far between, and 
usually are to small in scope, due to lack of resources.

					BB

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ