Gary McGraw wrote:
> The main thing I wonder is, what do you think? When you have a hot
> demonstration of an exploit, how do you responsibly release it? What
> role do such demonstrations play in moving software security forward?

To pick one extreme, I believe there are times when intentionally blindsiding a vendor is appropriate:
http://ryanlrussell.blogspot.com/2006/11/you-want-mac-wireless-bugs.html

BB
_______________________________________________
Secure Coding mailing list (SC-L)
SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php