| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4FEC277C.1050000@security-explorations.com> Date: Thu, 28 Jun 2012 11:44:28 +0200 From: Security Explorations <contact@...urity-explorations.com> To: Ramo <ramo@...dvikings.com> Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com Subject: Re: [SE-2012-01] Security weakness in Apple QuickTime Java extensions (details released) On 2012-06-26 23:00, Ramo wrote: >> The more surprising it is to see a vendor's >> response downplaying the importance of the issue found in its code that >> can actually contribute to the full blown attack against the users of >> its software. > > This is apple you're talking about, are you really that surprised? The answer is "yes" and "no": - Yes - because, that kind of attitude coming from a big software vendor with a large users base seems to be rare these days. Also, in the past we haven't experienced any issues with the company. - No - because we are aware that different vendors may act differently in response to the information received about security flaws in their products. That's one of the reasons behind our disclosure policy, vendors status and legal threats pages. Thank you. Best Regards, Adam Gowdiak --------------------------------------------- Security Explorations http://www.security-explorations.com "We bring security research to the new level" --------------------------------------------- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists