| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed Apr 26 20:56:51 2006 From: trbilbro at verizon.net (Tim Bilbro) Subject: MSIE (mshtml.dll) OBJECT tag vulnerability You do a disservice to all IT shops by announcing these vulnerabilities before contacting the vendor. I am sure it would not generate as much web traffic to your site, but it is only fair and right to allow at least some amount of time for the vendor to respond. If you think you are helping, you are wrong. Would you go around town checking which stores are unlocked at night and then publish the list in the news before letting the shop owners know? That's pretty much what you are doing. It's just not helping. There is no proof that it is either. Tim Bilbro Information Security Specialist CISSP, MCSE trbilbro@...izon.net web: www.bloglines.com/blog/Bilbro RSS: www.bloglines.com/blog/Bilbro/rss -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060426/454ae1b6/attachment.html
Powered by blists - more mailing lists