| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: mxb285 at bham.ac.uk (Martin Bealby) Subject: Exploit release On Mon, 2004-04-05 at 01:05, J.A. Terranson wrote: > 2 on the Troll-O-Meter. Thanks for playing though. Hey, I wasn't trying to troll. I was actually seriously thinking about it. Being relatively new to the security scene I thought it was a valid question. I know the list has degraded somewhat over the past few months but you don't have to have a go at me just for asking a question. I thought the full-disclosure list would be the most appropriate place to ask this sort of question, as I know the majority of the people on this list use sensible disclosure techniques such as RFPolicy. However, if you go to a developer and say 'here is an exploit, you have X days to fix it until I go public', couldn't this be twisted into some sort of blackmail? I'm just trying to think everything through before I start my own research. Cheers, Martin -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040405/d483afe1/attachment.bin
Powered by blists - more mailing lists