[funsec] oracle not only offender - researchers NOT responsible?
RLVaughn
Randy_Vaughn at baylor.edu
Mon Dec 12 17:19:40 CST 2005
Gadi Evron wrote:
> The following is a very well researched text from Matthew Murphy's blog
> discussing the matter of disclosing vulnerabilities to many vendors (and
> specifically Microsoft). Further, as I understand it, he shows how
> vendors today use terms such as "responsible disclosure" to scare
> researchers and claim they are NOT responsible if they don't do it their
> way.
>
> While I certainly did not dispute the facts that David Litchfield showed
> of Oracle's behaviour, I did not agree with how he did it or that Oracle
> is alone.
>
> Oracle is not the only offender, and while I agree that Microsoft has
> come a LONG way and takes security a whole lot more seriously than they
> used to.. they still seem to not understand the security community and
> treat security as a PR problem.
>
> He shows specific cases and vulnerabilities, and is worth a read. Quite
> refreshing and very informative.
>
> http://blogs.securiteam.com/index.php/archives/133
>
> Gadi.
>
>
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.
MY NAME IS MR.ZIMMER JONES, PERSONAL ASSISTANT TO MR CONRAD BLACK.THE
MEDIA TYCOON,CHAIRMAN/CEO OF HOLLINGER INTERNATIONAL
Oops! Sorry, wrong mailing. My mail client must be messed up as I
keep getting this mail from Gadi over and over again.