RE: [Full-Disclosure] Adobe Acrobat and PDF security: no improvements for 2 years

Tue, 08 Jul 2003 11:24:26 -0700 

Will somebody please re-work this timeline to include the arrest and trial?

Thanks.

  07/16/2001: "eBook Security: Theory and Practice" presentation on
              DefCon 9:
              http://www-2.cs.cmu.edu/~dst/Adobe/Gallery/defcon.ppt
  06/13/2002: Report sent to vendor
              (PASSKEY:75DF62C56A7DE9F888256BCB0001DF72)
  09/10/2002: Report sent to CERT
  10/08/2002: More detailed acknowledgment sent to reporter
  10/08/2002: Initial attempt to contact vendor via web feedback
  10/18/2002: Follow up to PR contact(s); point of contact initiated
  10/21/2002: Authentication loop closed; technical details sent
  10/29/2002: Ack asked for and received; further details sent
              related to report
  11/21/2002: Reporter asks for status update
  11/26/2002: Ping from reporter
  11/26/2002: Follow up with vendor to get status of report
  11/27/2002: Ack from vendor PR contact asserting more info soon
  11/28/2002: Follow up to vendor again asking for confirmation of
              details;
              let the vendor know reporter is willing to wait if
              details and solution acknowledged
  12/02/2002: Conversation with vendor contact verifying details of
              issue; mention made of issue being resolved in next
              release
  12/04/2002: Initial date identified for potential publication of the
              report
  12/09/2002: Vendor replies that their response is undergoing legal
              review
  12/18/2002: Reporter asks for status update; notes 45-day disclosure
              period over
  12/18/2002: Ack reporter
  12/18/2002: Ping vendor for written response again
  01/05/2003: Reporter asks for status update
  01/14/2003: Ack reporter; tentatively set publication date for 01/20
  01/20/2003: Reporter ack
  01/21/2003: Private CERT Vulnerability Card published with draft
              status
  03/19/2003: CERT Vulnerability Note (VU#549913) published:
              http://www.kb.cert.org/vuls/id/549913
  03/25/2003: Vendor Statement (JSHA-5EZQGZ) published:
              http://www.kb.cert.org/vuls/id/JSHA-5EZQGZ
  07/02/2003: Updated vulnerability report by reporter to CERT
  07/04/2003: Updated vulnerability report sent by reporter to vendor
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Reply via email to