> Correct, reporting a vulnerability is the right thing to do, we are in > raging agreement. But purposely *NOT* contacting the vendors involved > because for some stupid immature reason your "don't trust them" and then > doing a press release on the vulnerability is not the right thing to do. Expecially if you provide a patch which doesn't patch correctly the bug. Bad move indeed, ISS. Stefano "Raistlin" Zanero System Administrator Gioco.Net public PGP key block at http://gioco.net/pgpkeys
This archive was generated by hypermail 2b30 : Fri Jun 21 2002 - 10:36:41 PDT