Hello Alfred,

AH> conversations on-list about full-disclosure. I'm of the opinion it's a
AH> religious discussion with little or no merit for debate given that people

<humour>
Religious ???
Full disclosure is public nudism. Non-disclosure usually ends up in strip-tease for a happy few.
</humour>

AH> In brief they are now unloading limited details to the public about
AH> vulnerabilities they have notified vendors about.

One week may be, in some cases, too short to expect a reliable fix. Pushing vendors could lead to fixes that are buggier than what they fix, or break other things. But yes, this is an understandable middle ground and they address a real problem.

AH> the Pen-testing community is that these vulnerabilities which are in the
AH> process (presumably) of being fixed are actively being coded into the
AH> Typhon II Vulnerability Assessment Scanner from NGSSoftware. This

Fair enough. They have a competitive advantage. They deserve it. Which other company would sit on a competitive advantage and not use it ? If they were telling us they are not using their knowledge, would we believe them ? Would we trust them ?

--
Best regards,
Pierre mailto:pierreat_private

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Tue May 28 2002 - 15:23:20 PDT