| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4b6ee9310808050827g6c1d8026p127cefb8c41f1918@mail.gmail.com> Date: Tue, 5 Aug 2008 16:27:49 +0100 From: n3td3v <xploitable@...il.com> To: full-disclosure@...ts.grok.org.uk Subject: Fwd: Comment on: Microsoft to give partners heads-up on security vulnerabilities ---------- Forwarded message ---------- From: n3td3v <xploitable@...il.com> Date: Tue, Aug 5, 2008 at 4:24 PM Subject: Comment on: Microsoft to give partners heads-up on security vulnerabilities To: n3td3v <n3td3v@...glegroups.com> by n3td3v August 5, 2008 8:17 AM Verbal contracts of non-disclosure agreements don't work, you need a new law in place, which I call the responsible disclosure act, http://seclists.org/fulldisclosure/2008/Jul/0439.html to enforce the agreement by a law if the agreement is broken. Or are you guys just gonna do another "oops the cat's out the bag" again like what happened with the verbal contract agreement Dan Kaminsky had with everyone before a blog entry leaked the vulnerability by *accident*. Is this Microsoft agreement of non-disclosure actually enforceable by any current law? If not a new law is needed to be drawn up, see the link above, or this "Microsoft Active Protection Program" is gonna turn out a complete shambles. http://news.cnet.com/8601-1009_3-10006325.html?communityId=2114&targetCommunityId=2114&messageId=772539#772539 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists