Maybe he should build a vulnerability into each version, so he can announce each new version with the disclosure and satisfy your constraints.
-Travis On Wed, Aug 10, 2011 at 10:44 AM, Steven Pinkham <[email protected]>wrote: > [email protected] wrote: > > On Tue, 02 Aug 2011 22:17:58 -0300, root said: > >> Dude you just released INSECT Pro 2.7 less than a week ago. I swear to > >> god I'm being serious. > > > > It's not unusual for commercial products with customers that demand > product > > stability to release version 3.5 or whatever, then release 3.6, and after > that > > release 3.5.1, 3.5.2, yadda yadda with just bugfixes so sites can get > patched > > without having to make the 3.5->3.6 jump. > > Yes. But they don't spam full-disclosure with that info every week. > Rapid releases can be good, but the list charter says: > > "Gratuitous advertisement, product placement, or self-promotion is > forbidden." > > Announcing every point release of a commercial product falls afoul of > that. > -- > | Steven Pinkham, Security Consultant | > | http://www.mavensecurity.com | > | GPG public key ID CD31CAFB | > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -- FD1D E574 6CAB 2FAF 2921 F22E B8B7 9D0D 99FF A73C http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on http://pastebin.com/f6fd606da
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
