lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: skylazart at (Felipe Cerqueira - skylazart)
Subject: no more public exploits

I Agree!!!!

And, if you want check service packs or patchs, all you need is try to
crash it...

Security companies are getting too much money with our "toys".

> Heres my two cents :-/
> Exploit code is better kept private.
> Advisories should be public.
> Why?
> Because exploit code is not easy to write depending on the bug. And I
> for one sure dont want some 'penetration tester' taking my code and
> plugging it into his automated scanner and collecting the cash. Im far
> to greedy to watch that happen. Sorry.
> NON-Disclosure of Exploit code.
> Full-Disclosure of Advisories.
> As far as the discussion of sysadmins patching on time or not. All I
> will say is this . . .  if they did patch on time there wouldnt be a
> - borg (ChrisR-)
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter:

- skylazart [at]

Powered by blists - more mailing lists