| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: phased at mail.ru (phased) Subject: GREENAPPLE Release > > > I thought Full Disclosure propagators actually endorsed waiting for a > > vendor to fix the vulnerability before announcing a security hole.. > > On the other hand what do I know? My hat is black. > > Some days I find myself leaning more towards 'responsibility' while most > days I recognize that the only way vendors learn is through repeated > hard lessons. > Its not your responsibility to do work that they get paid for. > Consequently I keep my morals flexible as long as people's > personal/physical safety is respected and money doesn't change hands > when the law may be broken. There's always the golden rule if anyone > finds themselves in need of a universal yardstick, though for a company > like Microsoft, I do revel in seeing them take it dry. In any case, with > all these idiotic laws, who isn't a criminal somewhere? Coming soon via > treaty to a theatre near you! > > But I digress... I wasn't rankled by what could be perceived as a > 'responsible' disclosure on Dave's part. I'm saying he and his crew sit > on stuff and parcel it out when and where it will do the most good for > their prestige. It might be good marketing, but I think it's cheesy how > long some people sit on things, especially when pains are taken to point > out that they've known about it for some time now. A little too > Hollywood for my tastes. > We all know most of these lists exist as an advertising media.
Powered by blists - more mailing lists