| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <8C70DB9D4E82C9D-B74-1C7D6@mblk-d27.sysops.aol.com> Date: Tue Apr 12 22:02:47 2005 From: mcbain at aol.com (mcbain@....com) Subject: How to Report a Security VulnerabilitytoMicrosoft Did you notice in my email i said they "admit" it? There is no argument here nor there. The reason for this (from redmond) is they cannot break computers that are out there. There tolerance has to be even below one percent ,and even that is too much and finally conceded with them on their points. Also, they do not "patch" they find the root of the problem which adds more time. So you should be seeing less workarounds of microsoft patches. This is where the market for those third party scanners are out there for 0day or need to be picked up on by AVP's (which i must say have been doing better). Mike www.michaelevanchik.com -----Original Message----- From: Georgi Guninski <guninski@...inski.com> To: mcbain@....com Cc: tuytumadre@....net; jasonc@...ence.org; full-disclosure@...ts.grok.org.uk Sent: Tue, 12 Apr 2005 23:42:41 +0300 Subject: Re: [Full-disclosure] How to Report a Security VulnerabilitytoMicrosoft On Mon, Apr 11, 2005 at 01:55:00PM -0400, mcbain@....com wrote: > They do want you to communicate with them (or vendors) in a more responsible manner but at the same time totally admit to their "PR issue" and how they have handled bug finders in the past and internal security in the past and are changing. There email in this thread is exactly the truth as it was written. > calculate the difference in the dates: http://www.securityfocus.com/archive/1/395563/2005-04-09/2005-04-15/0 Microsoft MSHTA Script Execution Vulnerability iDEFENSE Security Advisory 04.12.05 www.idefense.com/application/poi/display?id=231&type=vulnerabilities April 12, 2005 VIII. DISCLOSURE TIMELINE 11/02/2004 Initial vendor notification 11/02/2004 Initial vendor response 04/12/2005 Coordinated public disclosure http://www.securityfocus.com/archive/1/395562/2005-04-09/2005-04-15/0 VIII. DISCLOSURE TIMELINE 10/25/2004 Initial vendor notification 10/25/2004 Initial vendor response 04/12/2005 Coordinated public disclosure http://www.securityfocus.com/archive/1/395559/2005-04-09/2005-04-15/0 VIII. DISCLOSURE TIMELINE 11/11/2004 Initial vendor notification 11/11/2004 Initial vendor response 04/12/2005 Coordinated public disclosure -- where do you want bill gates to go today? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050412/96b53ad1/attachment.html
Powered by blists - more mailing lists