| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 23 Apr 2013 17:51:55 +0300 From: Georgi Guninski <guninski@...inski.com> To: Gregory Boddin <gregory@...hine.net> Cc: full-disclosure@...ts.grok.org.uk, jay van <jay4sdata@...il.com> Subject: Re: 0day Vulnerability in VLC (this is my first release of the vuln anywhere) Completely disagree. IMHO nobody should bother negotiating with terrorist vendors. Q: What responsibility vendors have? A: Zero. Check their disclaimers. On Tue, Apr 23, 2013 at 04:14:53PM +0200, Gregory Boddin wrote: > That's indeed not rocket science. > > Nobody should release their disclosure/exploit (or give hint about it) in > the wild before letting the vendor fix it. > > There's already enough blackhats out there selling/using those. > > I sure hope I am not the only person in the list who wishes responsible > > disclosure. > > > > --- > > Henri Salo > > > > -----BEGIN PGP SIGNATURE----- > > Version: GnuPG v1.4.10 (GNU/Linux) > > > > iEYEARECAAYFAlF2eWAACgkQXf6hBi6kbk8p+QCgkrzZnNpipCMC/kexFq8OR3Q2 > > NiIAnRMYicxFqmJhvjLIEZolEKjQcEEE > > =q78V > > -----END PGP SIGNATURE----- > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > Hosted and sponsored by Secunia - http://secunia.com/ > > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists