Re: [SC-L] On exploits, hubris, and software security

2006-11-03 Thread SC-L Subscriber Dave Aronson
Gary McGraw [mailto:[EMAIL PROTECTED] writes: The main thing I wonder is, what do you think? When you have a hot demonstration of an exploit, how do you responsibly release it? This isn't so much about that, in the usual sense. This was, as you say, a well-known vulnerability, one screamingly

Re: [SC-L] On exploits, hubris, and software security

2006-11-03 Thread Blue Boar
Gary McGraw wrote: The main thing I wonder is, what do you think? When you have a hot demonstration of an exploit, how do you responsibly release it? What role do such demonstrations play in moving software security forward? To pick one extreme, I believe there are times when intentionally