[Gene Spafford wrote] | | People who publish bugs/exploits that are not being actively exploited | *before* giving the vendor a chance to fix the flaws are clearly | grandstanding. They're part of the problem -- not the solution. | Who is to say the vulnerability in question was NOT being exploited prior to release? Odds are it was. Bugtraq is a full-diclosure list. The `problem` as you succinctly put it is in *non-disclosure*. While it is still questionable whether or not the original posters found the bug themselves (the advisory lacked any technical detail) calling them part of the problem is a misfire of your disdain (attacking them on the content of the advisory --or lack thereof-- is a much better call). The problem, in this case, would be the malevolent individual(s) breaking into your machine exploiting this bug (before or after it was disclosed). Don't shoot the messenger. -- I live a world of paradox... My willingness to destroy is your chance for improvement, my hate is your faith -- my failure is your victory, a victory that won't last.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:35:47 PDT