I have had administrators refuse to patch systems until I could prove that I could break in using an exploit right in front of them. I've been told that they need to balance my theoritical risk against their actual outlay of resources (yet, for some reason, they bet the lottery).
On 6/30/05, Jason Coombs <[EMAIL PROTECTED]> wrote: > > What I need is a security administrator, CSO, IT manager or sys admin > > that can explain why they find public exploits are good for THEIR > > organizations. Maybe we can start changing public opinion with regards > > to full disclosure, and hopefully start with this opinion leader. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
