On 12-May-09, at 9:22 PM, Karoly Negyesi wrote:
This guy believes in full disclosure so much he discloses everything he finds instead letting us fix and disclose.
Did he report this issue? http://justin.madirish.net/node/339. I still seems exploitable. I see he's been credited for SA's in the past. It's a shame that the noise from him is drowning out the real issues he's finding.
If there are a sizeable number of issues on his site which he hasn't reported, any idea how much of a backlog this will create for the SA team? Since the exploits are public, perhaps we should organize to go through his site and figure out what is still exploitable.
--Andrew
smime.p7s
Description: S/MIME cryptographic signature
