lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200506301846.OAA29394@Sparkle.Rodents.Montreal.QC.CA>
Date: Thu Jun 30 19:59:21 2005
From: devnull at Rodents.Montreal.QC.CA (devnull@...ents.Montreal.QC.CA)
Subject: Publishing exploit code - what is it good for

[Because of all the broken autoresponders on bugtraq, the header From:
is a bitbucket.  Use the address in the signature to reach me.]

>> Quote: " If I speak to an end-user organization and they express
>> legitimate needs for exploit code, then I'll change my opinion."

Well, I'm not an end-user organization, but as an end user[%], the
major benefit I see to full disclosure is that it appears to be close
to the only thing that has any real success at getting vendors to fix
bugs.  (In general.  There certainly are vendors that stay on top of
things without needing the prod of public exploit disclosure.  But they
are notable by their rarity.)

[%] "End user" is not the only hat I wear.  It's just the one I'm
    wearing here.

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse@...ents.montreal.qc.ca
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ