[EMAIL PROTECTED] wrote: [snip] > We will work with vendors, if we discover vulnerabilities in other > products, to report and investigate the issue in a thorough and > timely fashion, in the same way that Symantec will work with other > security researchers if they find an issue with any Symantec > technology. > We observe a 30-day grace period after the notification of a > security advisory to give users an opportunity to apply the patch. > During this grace period, we provide our customers significant > information about the vulnerability and the fix, but not > step-by-step instructions for exploiting the vulnerability. > We do not provide detailed exploit code or provide samples of > malicious code except to other trusted security > researchers and in a secured manner.
Just curious: will they consider the Nessus community as "trusted security researchers" or as a gang of dangerous terrorists? Should we ask them? Just like this? -- mailto:[EMAIL PROTECTED] GPG Public keys: http://michel.arboi.free.fr/pubkey.txt http://michel.arboi.free.fr/ http://arboi.da.ru/ FAQNOPI de fr.comp.securite : http://faqnopi.da.ru/
