lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: Bart.Lansing at kohls.com (Bart.Lansing@...ls.com)
Subject: Beta Advisories


Yes, and the OIS guidelines are thinly veiled "Oh please don't tell the 
world that we have had this bug for 6 months...we'll look bad" methods for 
being able to quash the full disclosure model and take the  pressure of 
"respond to me, get it fixed, or thr world is going to know about it" off 
the vendors.  Do you really think that the vendors will expend resources 
to fix things just because it is "the right thing to do"?   Please tell me 
you're not that naive...please. 

I'm not advocating playing bombs away, sneak attacking a vendor by issuing 
a 0-day disclosure publicly.  I sure as hell am saying that a vendor 
knowing the vuln will in fact be disclosed after a reasonable period of 
time, fixed or not, has certainly motivated more than a few to get the fix 
done prior to taking a public black eye. 

Bart Lansing
Manager, Desktop Services
Kohl's IT


full-disclosure-admin@...ts.netsys.com wrote on 07/06/2004 10:47:47 AM:

> I don't think it's garbage. I bring up a valid point here.  If you 
> must, filter me out.. don't be lazy. 
> 
> This brings up the question of guidelines the OIS wish people to follow.
> 
> 
> Cheerio
> 
> 
> Henrik Persson <nix@...dicalist.net> wrote:
> On Tue, 2004-07-06 at 12:56, System Outage wrote:
> > If you do a query on the BUGTRAQ archive you'll see no mention of
> > Gmail and i'm sure that's not because people haven't been atttempting
> > to post about Gmail , but because the moderators think Gmail is beta.
> > I bet once Gmail is launched as a public service, the BUGTRAQ
> > moderators will allow Gmail advisories.
> 
> Pherhaps. But this _is_ full-disclosure, not bugtraq. This is FULL
> disclosure.
> 
> I'm lazy, too lazy to just filter you out. Stop posting garbage,
> garbage! ;/
> 
> -- 
> Henrik Persson 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> Do you Yahoo!?
> Read only the mail you want - Yahoo! Mail SpamGuard.

CONFIDENTIALITY NOTICE: 
This is a transmission from Kohl's Department Stores, Inc.
and may contain information which is confidential and proprietary.
If you are not the addressee, any disclosure, copying or distribution or use of the contents of this message is expressly prohibited.
If you have received this transmission in error, please destroy it and notify us immediately at 262-703-7000.

CAUTION:
Internet and e-mail communications are Kohl's property and Kohl's reserves the right to retrieve and read any message created, sent and received.  Kohl's reserves the right to monitor messages by authorized Kohl's Associates at any time
without any further consent.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040706/6c6d86c3/attachment.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ