On Mon, Apr 11, 2005 at 01:55:00PM -0400, [EMAIL PROTECTED] wrote: > They do want you to communicate with them (or vendors) in a more > responsible manner but at the same time totally admit to their "PR issue" and > how they have handled bug finders in the past and internal security in the > past and are changing. There email in this thread is exactly the truth as it > was written. >
calculate the difference in the dates: http://www.securityfocus.com/archive/1/395563/2005-04-09/2005-04-15/0 Microsoft MSHTA Script Execution Vulnerability iDEFENSE Security Advisory 04.12.05 www.idefense.com/application/poi/display?id=231&type=vulnerabilities April 12, 2005 VIII. DISCLOSURE TIMELINE 11/02/2004 Initial vendor notification 11/02/2004 Initial vendor response 04/12/2005 Coordinated public disclosure http://www.securityfocus.com/archive/1/395562/2005-04-09/2005-04-15/0 VIII. DISCLOSURE TIMELINE 10/25/2004 Initial vendor notification 10/25/2004 Initial vendor response 04/12/2005 Coordinated public disclosure http://www.securityfocus.com/archive/1/395559/2005-04-09/2005-04-15/0 VIII. DISCLOSURE TIMELINE 11/11/2004 Initial vendor notification 11/11/2004 Initial vendor response 04/12/2005 Coordinated public disclosure -- where do you want bill gates to go today? _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
