[Gene Spafford wrote]
|
| People who publish bugs/exploits that are not being actively exploited
| *before* giving the vendor a chance to fix the flaws are clearly
| grandstanding. They're part of the problem -- not the solution.
|
Who is to say the vulnerability in question was NOT being exploited
prior to release? Odds are it was. Bugtraq is a full-diclosure list.
The `problem` as you succinctly put it is in *non-disclosure*. While
it is still questionable whether or not the original posters found the bug
themselves (the advisory lacked any technical detail) calling them part of
the problem is a misfire of your disdain (attacking them on the content
of the advisory --or lack thereof-- is a much better call). The problem,
in this case, would be the malevolent individual(s) breaking into your
machine exploiting this bug (before or after it was disclosed).
Don't shoot the messenger.
--
I live a world of paradox... My willingness to destroy is your chance for
improvement, my hate is your faith -- my failure is your victory, a victory
that won't last.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:35:47 PDT