Hello, Your missing legislative circumstances in your thoughts :
>- Releasing at a conference => Probable court time. Under what legislation would that potentially be the case ? >- Keeping it to yourself => Working under the assumption that your the >only one that has found that same bug is still semi relevant due to >the incredibly small size of the exploit dev community. However, as >Dave said, they'll be toasting to their sleeping dead 0days some day. Under the jurisdiction I personaly am under I am responsbile if I DON'T disclose vulnerabilities (to the vendor) - this includes potential damages should the vulnerability be used. This is the law over here if you have the PSF statute. -- http://blog.zoller.lu Thierry Zoller _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
