Message-ID: <242a0a8f0604271619n6785f7eale84a38720241045f@mail.gmail.com>
Date: Fri Apr 28 00:19:23 2006
From: eaton.lists at gmail.com (Brian Eaton)
Subject: MSIE (mshtml.dll) OBJECT tag vulnerability

On 4/27/06, Michal Zalewski <lcamtuf@...ne.ids.pl> wrote:
> Why didn't I even try, you say? Past experiences of numerous researchers
> aside, consider this: Microsoft takes 3-6 months to fix critical but
> non-public vulnerabilities in their flagship software (some of these flaws
> must've been independently discovered by the rogues, hence putting
> customers at great risk, or at best taking chances). This is not a
> reasonable timeframe, compared to industry averages. Yet, they only take
> 2-4 weeks to fix publicly disclosed bugs - thus making software safer,
> sooner.

Please note that I ask this out of curiosity, and not in an attempt
to be critical.

Why not give MSRC a head start of one week?

Regards,
Brian
