Re: Complicated Disclosure Scenario

From: Mariusz Mazur (mariuszat_private)
Date: Thu Jan 17 2002 - 09:36:05 PST


    On 2002-01-17 Josha Bronson wrote the following:
    
    JB> This is the problem as it sits. If I reach out to "the community" for
    JB> additional assistance with researching this bug I might as well just send
    JB> out an advisory. If I release an advisory the vendor will most likely
    JB> not have a patch ready, they will feel violated and the user base will
    JB> be left open to exploitation with no fix. If I do nothing, the problem
    JB> persists and nothing gets accomplished, and maybe someone with not so
    JB> good intentions discovers the same bug and uses it to do harm.
    
    JB> So, what would you do?
    
    Well. "The community" doesn't have to be vuln-dev. Pick a couple of
    known sec teams and ask them if they have the will and proper equipment
    to check whether this thing is exploitable. I'm sure you'll find at least
    one willing to take it over from you.
    
    
    
    -- 
    Mariusz Mazur
    "One Ring to bring them all and in the darkness bind them"
    


