> People who publish bugs/exploits that are not being actively exploited > *before* giving the vendor a chance to fix the flaws are clearly > grandstanding. They're part of the problem -- not the solution. No. The problem is badly written code. It takes me about 2 minutes to find bugs in security related software. I am assuming that I'm not the only person looking for these kinds of bugs. The REAL problem is software package maintainers who do not proactively audit their software.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:35:43 PDT