Message-ID: <20120710133701.225b4761.gem@rellim.com>
Date: Tue, 10 Jul 2012 13:37:01 -0700
From: "Gary E. Miller" <gem@...lim.com>
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: How much time is appropriate for fixing
Yo Thor!
On Tue, 10 Jul 2012 19:58:16 +0000
"Thor (Hammer of God)" <thor@...merofgod.com> wrote:
> People do not disclose their research to make
> the world a better place. They do it for recognition or for money.
I would argue there is a 3rd reason. Self defense. I and others have
had issues of our servers being attacked by unknown evil doers. To keep
our servers running we need to reverse engineer the hack and get the
bug fixed or the attack vector blocked. Until '* Disclosure' in its many
aspects was common it was virtually impossible to get vendors to fix
open holes being actively used by attackers. The public shaming of
'* Disclosure' large companies found denial a very easy and cheap
response to bugs that were killing us.
So in this case recognition is not an issue and money is not an issue
for any non-commercial servers.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97701
gem@...lim.com Tel:+1(541)382-8588
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/