On Mon, 19 Feb 2007, Peter Dawson wrote:
> just asking... Is this std practice by vendor to state.... ??? "[..] we
> ask you respect responsible disclosure guidelines and not report this
> publicly...."

It's a common and pretty shameless practice for Microsoft. They also openly criticize such researchers in media statements (while mentioning some overly comforting mitigating factors), and then "penalize" you for not disclosing to them 3-12 months in advance by not crediting you in vendor bulletins.

These ungrateful researchers, eh?

/mz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
