> iss forgot it's handling of the apache chunk bug: > http://www.derkeiler.com/Mailing-Lists/ISS/2002-06/0009.html > quote: > ------ > ISS X-Force deals with all vendors on a case-by-case basis > to provide maximum protection for **our customers** and the community. > ------
Last I checked Gobbles found this exploit and ISS simply reported it being exploited in the wild. Of course they are going to alert their *paying customers* before alerting the public mailing lists. - zeno http://www.cgisecurity.com > > -- > where do you want bill gates to go today? > > On Tue, Aug 09, 2005 at 07:04:23PM -0400, Ingevaldson, Dan (ISS Atlanta) > wrote: > > Just in case anyone is interested, the ISS Vulnerability Disclosure > > Guidelines were made public a couple years ago, and last revised on July > > 15, 2004. The document is available here: > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
