Open Source and information security mailing list archives
 
Message-ID: <Pine.LNX.6.66.0301311316530.15607-100000@www.nmrc.org>
From: hellnbak at nmrc.org (hellNbak)
Subject: CERT, Full Disclosure, and Security By O

How predictable.  What are you, 12?

On Fri, 31 Jan 2003, Georgi Guninski wrote:

> Steven M. Christey proposed the responsible disclosure lame draft and signed it.
> I find it quite hypocritical to propose delaying of information, and at the same
> time Mitre to get the 0days before they are released.

So because Mitre proposes a "lame draft" you all of a sudden have a huge
problem with them?  Where in the draft did it say anything - or on
Mitre's web site for that matter - that they collect zero days?  I mean maybe I
have to learn how to read better or pay more attention to Christey's talks
but I have never heard of Mitre collecting code. AFAIK - they rely on
outside information sources.

That being said, even if they did collect zero days, how is that
hypocritical?  An example of hypocritical would be helping a company find
and bury security issues while spending all your time hacking their
competing products....maybe that's not hypocritical and just unethical...



-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

"I don't intend to offend, I offend with my intent"

hellNbak@...c.org
http://www.nmrc.org/~hellnbak

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

