[funsec] oracle not only offeder - researchers NOT responsible?
Randy_Vaughn at baylor.edu
Mon Dec 12 17:19:40 CST 2005
Gadi Evron wrote:
> The following is a very well researched text from Matthew Murphy's blog
> discussing the matter of disclosing vulnerabilities to many vendors (and
> specifically Microsoft). Further, as I understand it, he shows how
> vendors today use terms such as "responsible disclosure" to scare
> researchers and claim they are NOT responsible if they don't do it their
> While I certainly did not dispute the facts that David Litchfield showed
> of Oracle's behaviour, I did not agree with how he did it or that Oracle
> is alone.
> Oracle is not the only offender, and while I agree that Microsoft has
> come a LONG way and takes security a whole lot more seriously than they
> used to.. they still seem to not understand the security community and
> treat security as a PR problem.
> He shows specific cases and vulnerabilities, and is worth a read. Quite
> Refreshing and very informative.
> Fun and Misc security discussion for OT posts.
> Note: funsec is a public and open mailing list.
MY NAME IS MR.ZIMMER JONES, PERSONAL ASSISTANT TO MR CONRAD BLACK.THE
MEDIA TYCOON,CHAIRMAN/CEO OF HOLLINGER INTERNATIONAL
Oops! Sorry, wrong mailing. My mail client must be messed up as I
keep getting this mail from Gadi over and over again.
More information about the funsec