Open Source and information security mailing list archives
 
Message-ID: <044d01c3fcb4$d86a3de0$452ea8c0@LUFKIN.DPSOL.COM>
From: purdy at tecman.com (Curt Purdy)
Subject: [inbox] RE: What's wrong with this picture?

Replugge wrote:

> The fact that exploit code is made available after the patch is released,
> is probably because the researchers made the vulnerability publicly
> available at the same time as the patch was released, otherwise MS wouldn't
> give credit to the researchers for the vuln.

Not only that, but I have always suspected the reason for the close
follow-up releasing exploits after patch release is because the value of the
0-day that had been used for whatever purposes the writer wanted was now
null.  At that point, her pride takes over and she releases her work for the
world to see.

Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions

----------------------------------------

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- White House cybersecurity adviser Richard Clarke

