Exploit Code on Trial

Exploit Code on Trial
Kevin Poulsen, SecurityFocus 2003-11-23

Security pros gathering at a Stanford University Law School conference on responsible vulnerability disclosure Saturday harmonized on the principle that vendors should be privately notified of holes in their products, and given at least some time to produce a patch before any public disclosure is made. But there was pronounced disagreement on the question of whether or not researchers should publicly release proof-of-concept code to demonstrate a vulnerability.

Screw the vendors 2003-11-24
Anonymous

I run Nessus scans on our network atleast once a month and have had and continue to equipment crash as a result. I've called several of the vendors and they still havn't fixed the problem and have simply told me to stop scanning. I bet if I wrote some easy to use code and published it on the net t...

[ more ]