Re: Complicated Disclosure Scenario

From: David Carroll (dcarrollat_private)
Date: Thu Jan 17 2002 - 06:19:31 PST

    I think the most important part of the message is that they are 
    not doing their own investigating.  If you don't have the time or tools to 
    do more, and they refuse to, let someone who wants the challenge do 
    it.  Let it out, but warn the company that you are going to do so, and give 
    them a bit of time in case they feel like doing something about it then.
    
    Thus spake Josha Bronson:
    >This is the problem as it sits. If I reach out to "the community" for
    >additional assistance with researching this bug I might as well just send
    >out an advisory. If I release an advisory the vendor will most likely
    >not have a patch ready, they will feel violated and the user base will
    >[...] So, what would you do?
    
    David Carroll
    System Administrator, HGO Technology
    www.hgo.net
    



    This archive was generated by hypermail 2b30 : Thu Jan 17 2002 - 11:01:17 PST