Message-ID: <20050805125023.GD24395@sivokote.iziade.m$>
Date: Fri Aug  5 13:49:28 2005
From: guninski at guninski.com (Georgi Guninski)
Subject: "responsible disclosure" explanation

here is what "responsible disclosure" means:

according to:
http://www.theregister.co.uk/2005/07/29/cisco_settles_rogue_researcher_dispute/

"Cisco's actions (regarding) Mr. Lynn and Black Hat were not based on the fact that a flaw was identified, rather that they chose to address the issue outside of established industry practices and procedures for responsible disclosure,"

the term "responsible disclosure" is a corporate instrument for trying to 
shut people up.

i doubt the "responsible" argument will stand in a non-us court.
also challenge the fact that this is "established industry practice".

the net result of the cisco gate is the info is out there and cisco is 
resetting luser's password.

check the flames about the responsibility rfc, which got ditched by the
IETF.

note: i don't promote either disclosure or non-disclosure - everyone 
chooses for themselves.

-- 
where do you want bill gates to go today?











