| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: blsonne at rogers.com (Byron L. Sonne) Subject: GREENAPPLE Release > I thought Full Disclosure propagators actually endorsed waiting for a > vendor to fix the vulnerability before announcing a security hole.. > On the other hand what do I know? My hat is black. Some days I find myself leaning more towards 'responsibility' while most days I recognize that the only way vendors learn is through repeated hard lessons. Consequently I keep my morals flexible as long as people's personal/physical safety is respected and money doesn't change hands when the law may be broken. There's always the golden rule if anyone finds themselves in need of a universal yardstick, though for a company like Microsoft, I do revel in seeing them take it dry. In any case, with all these idiotic laws, who isn't a criminal somewhere? Coming soon via treaty to a theatre near you! But I digress... I wasn't rankled by what could be perceived as a 'responsible' disclosure on Dave's part. I'm saying he and his crew sit on stuff and parcel it out when and where it will do the most good for their prestige. It might be good marketing, but I think it's cheesy how long some people sit on things, especially when pains are taken to point out that they've known about it for some time now. A little too Hollywood for my tastes. Whitehat or blackhat, whatever discipline, it's all the same beef if you hoard knowledge.
Powered by blists - more mailing lists