[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20040806142520.56426.qmail@web51504.mail.yahoo.com>
From: keydet89 at yahoo.com (Harlan Carvey)
Subject: New Security web site: http://exploitwatch.org
Thanks for the reply.
> True, but as I said: "Some web-sites and mailing
> lists
> already provide this functionality, but we have
> found them
> way too slow to publish new updates as well as being
> incomplete."
Right, I caught that, too.
> We focus on exploits only, and aim to increase
> awareness and publish information
> faster and more systematically than existing
> services do.
Faster is good. But how do you plan to address the
issue of completeness? Also, since you're focusing
only on exploits (and not the vulnerabilities that
lead to the actual exploits), I'm really curious to
see how you plan to address completeness in that
sense. Specifically...if a vulnerability exists, it's
clear that you're not going to address it until
someone actually exploits it. Once the vulnerability
gets exploited, from what you've said, you're going to
"publish information faster"...but what information?
In the vast majority of cases, when a company gets a
vulnerability exploited, all we hear is that they were
compromised, but not what vulnerability was actually
exploited.
Thanks.
Powered by blists - more mailing lists