| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <3E3A8ECB.4070608@snosoft.com> From: dotslash at snosoft.com (KF) Subject: CERT, Full Disclosure, and Security By O I also want to make it clear I did not mean to imply that Steven was trying to collect 0day rather he has been going what I would consider "above and beyond" to make sure issues that have already been reported get properly documented so that all may benefit. -KF hellNbak wrote: > How predictable. What are you 12? > > On Fri, 31 Jan 2003, Georgi Guninski wrote: > > >>Steven M. Christey proposed the responsible disclosure lame draft and signed it. >>I find it quite hipocritical to propose delaying of information, and at the same >>time mitre to get the 0days before they are released. > > > So because Mitre proposes a "lame draft" you all of a sudden have a huge > problem with them? Where in the draft did it say anything - or on > Mitre's web site for that matter - that they collect zero days? I mean maybe I > have to learn how to read better or pay more attention to Christey's talks > but I have never heard of Mitre collecting code. AFAIK - they rely on > outside information sources. > > That being said, even if they did collect zero days. how is that > hypocritical? An example of hypocritical would be helping company find > and bury security issues while spending all your time hacking their > competing products....maybe thats not hypocritical and just unethical... > > >
Powered by blists - more mailing lists