Date: Fri Oct  7 22:12:56 2005
From: stan.bubrouski at gmail.com (Stan Bubrouski)
Subject: Websites vulnerabilities disclosure

On 10/6/05, Georgi Guninski <guninski@...inski.com> wrote:
> On Thu, Oct 06, 2005 at 09:09:32AM +0400, offtopic wrote:
> > <snip> Which third-party can't be used as coordinator, like CERT/CC?
>
> i recommend you don't use coordinators - they are f*ck*d parasites.
> think about what they will "coordinate" - probably selling your info.
> cert* sux.

I really agree with this.  When you're a researcher who puts the time
in to discovering, exploiting, and sometimes fixing a vulnerability,
you've done the work, why let them steal the credit?

There are times when you find holes that you report to one of these
services because you have no time or motivation to do the research
yourself.  But if you want the credit for what you've done or even
feedback then writing up your own advisory or working on one with a
vendor is a much better solution.  After all, what do these services
offer that you can't do yourself?

Best Regards,
sb


>
> --
> where do you want bill gates to go today?
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
