| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <43611C54.7020309@gmail.com> Date: Thu Oct 27 19:28:51 2005 From: torbjorn.samuelsson at gmail.com (Torbjörn Samuelsson) Subject: Question about ethics when discovering a security fault in system Hi I stumbled upon a security fault (discovered it by mistake) this Sunday in a perimeter security device. The day after I contacted the manufacturer and informed them about it and later that evening the acknowledged the problem and they where able to reproduce it. My question is what is good ethics for me to continue with this? Sense I discovered it by mistake, and everyone can do the same thing and everyone can reproduce it. And it is a perimeter security device providing remote access from a large manufacturer. And might be a known problem by others than the manufacturer, how ever the product has only bean on the market for about 2 months. What I want a resolution so the device we bought to provide us with remote access and security shall work securely and that the company shall inform other owner of there products about the problem so they wont have the same security breach. BR Tobbe -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 2825 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20051027/51c469bf/smime.bin
Powered by blists - more mailing lists