lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20040806142520.56426.qmail@web51504.mail.yahoo.com>
From: keydet89 at yahoo.com (Harlan Carvey)
Subject: New Security web site: http://exploitwatch.org

Thanks for the reply.

> True, but as I said: "Some web-sites and mailing
> lists
> already provide this functionality, but we have
> found them
> way too slow to publish new updates as well as being
> incomplete."

Right, I caught that, too.

> We focus on exploits only, and aim to increase
> awareness and publish information
> faster and more systematically than existing
> services do.

Faster is good.  But how do you plan to address the
issue of completeness?  Also, since you're focusing
only on exploits (and not the vulnerabilities that
lead to the actual exploits), I'm really curious to
see how you plan to address completeness in that
sense.  Specifically...if a vulnerability exists, it's
clear that you're not going to address it until
someone actually exploits it.  Once the vulnerability
gets exploited, from what you've said, you're going to
"publish information faster"...but what information? 
In the vast majority of cases, when a company gets a
vulnerability exploited, all we hear is that they were
compromised, but not what vulnerability was actually
exploited.

Thanks.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ