Fritz Borgstedt wrote: > I really cannot understand, what the reason for you was to write such > a report .
Well, I had seen it before and I didn't track it through every version as I was not Perl savvy. When i find issues with products; and I understand the issue; and it hasn't been disclosed already - I disclose it in the interest of public security. I reported this issue in particular because from what I could recall it could effect multiple versions of ASSP - of which an undocumented number of users could be using. Without reporting, users not following this list or keeping up with betas might never know. The Full-Disclosure list is a gateway to getting security issues into bug-tracking databases. As perhaps they receive Secunia vulnerability reports like I do, so I can be notified immediately when a security vulnerability has been documented. It didn't have anything to do with any of the work that is actually being done with ASSP. It only had to do with public awareness. Nothing more should be taken from it. I pissed off Symantec pretty bad a couple of years ago - but they wouldn't respond to my email reports about an issue. It wasn't my intent to piss-off Symantec, but the issue allowed for a bypass of administrative controls on their corporate antivirus software. ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Assp-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-user
