Chandrashekhar B escreveu: > I agree to the points here. If we assume that all are using distribution > specific packages (that makes it easy), problem is solved. I have one > question though, when vulnerability is reported in a package and vendor > hasn't released an update, there's a time window where user is unaware that > vulnerability exist. Do we have to report or wait till update is released? >
It's important to report anyway... Security != obscurity... If we know there is a problem, the user should know too... Maybe this will help them to better choose their vendors. cya, Rodrigo (BSDaemon). _______________________________________________ Openvas-plugins mailing list [email protected] http://lists.wald.intevation.org/mailman/listinfo/openvas-plugins
