[email protected] wrote: > On Tue, 23 Apr 2013 17:51:55 +0300, Georgi Guninski said: > > Completely disagree. > > > > IMHO nobody should bother negotiating with terrorist vendors. > > > > Q: What responsibility vendors have? A: Zero. Check their disclaimers. > > And disclaimer or no disclaimer, there's a lot of vendors who want to Do > The Right Thing and fix their stuff to protect their users (if for no > other reason than the possibility of lost customers if they ignore > security issues too often). > > If you're a black hat, do whatever the heck you want. > > If you're a white hat, be responsible and at least try to engage the > vendor. If you're worried about being stiffed for the credit for the > find, write the advisory and post the MD5 hash somewhere before contacting > the vendor. If they respond and work on the problem, the process works. > If they blow you off, go blackhat and do whatever the heck you want. :) > > Now wasn't that easy? :)
Easy and nonsense, I really hope you don't think this is about credit. Tavis. -- ------------------------------------- [email protected] | pgp encrypted mail preferred ------------------------------------------------------- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
