| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 25 Jul 2006 04:42:59 +0300
From: Javor Ninov <drfrancky@...urax.org>
To: Aaron Gray <angray@...b.net>
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Re: To XSS or not?
how we will measure which one is major and which not ?
major for you is minor for me and vice versa.
if we agree that XSS are vulns (i personally agree) then they deserve to
be reported. Just look at the subject of the message that report a XSS
and choose to read it or to not read it.
XSS are based on bad code practices .. some day the programmers will
learn to not make such mistakes if we point them. if we ignore them ....
well security is not based on ignorance.
Aaron Gray wrote:
> Major ones could still be reported on the other lists.
>
> Aaron
>
>> something like xsstraq powered on securityfocus should be cleaner yep :)
>>
>>> Maybe there should be a special XSS list that could specialize in
>>> that area ?
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
Javor Ninov aka DrFrancky
drfrancky shift+2 securax.org
Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists