> > I thought Full Disclosure propagators actually endorsed waiting for a
> > vendor to fix the vulnerability before announcing a security hole..
> > On the other hand what do I know? My hat is black.
>
> Some days I find myself leaning more towards 'responsibility' while most
> days I recognize that the only way vendors learn is through repeated
> hard lessons.

It's not your responsibility to do work that they get paid for.

> Consequently I keep my morals flexible as long as people's
> personal/physical safety is respected and money doesn't change hands
> when the law may be broken. There's always the golden rule if anyone
> finds themselves in need of a universal yardstick, though for a company
> like Microsoft, I do revel in seeing them take it dry. In any case, with
> all these idiotic laws, who isn't a criminal somewhere? Coming soon via
> treaty to a theatre near you!
>
> But I digress... I wasn't rankled by what could be perceived as a
> 'responsible' disclosure on Dave's part. I'm saying he and his crew sit
> on stuff and parcel it out when and where it will do the most good for
> their prestige. It might be good marketing, but I think it's cheesy how
> long some people sit on things, especially when pains are taken to point
> out that they've known about it for some time now. A little too
> Hollywood for my tastes.

We all know most of these lists exist as an advertising media.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
