| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20050810151356.59978.qmail@cgisecurity.net> Date: Wed Aug 10 21:04:59 2005 From: bugtraq at cgisecurity.net (bugtraq@...security.net) Subject: "responsible disclosure" explanation (an > iss forgot it's handling of the apache chunk bug: > http://www.derkeiler.com/Mailing-Lists/ISS/2002-06/0009.html > quote: > ------ > ISS X-Force deals with all vendors on a case-by-case basis > to provide maximum protection for **our customers** and the community. > ------ Last I checked Gobbles found this exploit and ISS simply reported it being exploited in the wild. Of course they are going to alert their *paying customers* before alerting the public mailing lists. - zeno http://www.cgisecurity.com > > -- > where do you want bill gates to go today? > > On Tue, Aug 09, 2005 at 07:04:23PM -0400, Ingevaldson, Dan (ISS Atlanta) wrote: > > Just in case anyone is interested, the ISS Vulnerability Disclosure > > Guidelines were made public a couple years ago, and last revised on July > > 15, 2004. The document is available here: > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
Powered by blists - more mailing lists