[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] "responsible disclosure" explanation (an
- To: guninski@xxxxxxxxxxxx (Georgi Guninski)
- Subject: Re: [Full-disclosure] "responsible disclosure" explanation (an
- From: bugtraq@xxxxxxxxxxxxxxx
- Date: Wed, 10 Aug 2005 11:13:56 -0400 (EDT)
> iss forgot it's handling of the apache chunk bug:
> http://www.derkeiler.com/Mailing-Lists/ISS/2002-06/0009.html
> quote:
> ------
> ISS X-Force deals with all vendors on a case-by-case basis
> to provide maximum protection for **our customers** and the community.
> ------
Last I checked Gobbles found this exploit and ISS simply reported it being
exploited in the wild.
Of course they are going to alert their *paying customers* before alerting the
public mailing lists.
- zeno
http://www.cgisecurity.com
>
> --
> where do you want bill gates to go today?
>
> On Tue, Aug 09, 2005 at 07:04:23PM -0400, Ingevaldson, Dan (ISS Atlanta)
> wrote:
> > Just in case anyone is interested, the ISS Vulnerability Disclosure
> > Guidelines were made public a couple years ago, and last revised on July
> > 15, 2004. The document is available here:
> >
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/