Hi all, We all know that there is nothing more powerful for causing software security change than a flashy exploit demonstration. Once again, this has come to the fore in the actions of an IU student who took a well known boarding pass vulnerability and wrote a script to make it real. Just after that, a Congressman called for his arrest and the FBI/TSA showed up at his house with a search warrant and took away his machines.
My latest darkreading article is about the situation: http://www.darkreading.com/document.asp?doc_id=109717&WT.svl=tease3_2 The main thing I wonder is, what do you think? When you have a hot demonstration of an exploit, how do you responsibly release it? What role do such demonstrations play in moving software security forward? gem company www.cigital.com podcast www.cigital.com/silverbullet book www.swsec.com ---------------------------------------------------------------------------- This electronic message transmission contains information that may be confidential or privileged. The information contained herein is intended solely for the recipient and use by any other party is not authorized. If you are not the intended recipient (or otherwise authorized to receive this message by the intended recipient), any disclosure, copying, distribution or use of the contents of the information is prohibited. If you have received this electronic message transmission in error, please contact the sender by reply email and delete all copies of this message. Cigital, Inc. accepts no responsibility for any loss or damage resulting directly or indirectly from the use of this email or its contents. Thank You. ---------------------------------------------------------------------------- _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php
