In <643814fdcaa74b54b6f94196472ef...@pinnacledesk1>, on 06/08/2010
at 05:36 PM, Pinnacle <[email protected]> said:
>It would be nice if someone actually documented a hole, instead of
>all the urban legends we hear.
I document security holes in IBM software when I report them to IBM. I
don't document them to anybody else until the exposure has been fixed.
I hope that others will do the same.
Please don't publicly disclose the details of a security hole while
the vendor is still developing a fix. Note that I'm *NOT* talking
about cases where the vendor can't be bothered to deal with security
issues, but I haven't had that problem with IBM in decades.
--
Shmuel (Seymour J.) Metz, SysProg and JOAT
ISO position; see <http://patriot.net/~shmuel/resume/brief.html>
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
