Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
Exploit Code on Trial
Kevin Poulsen, SecurityFocus 2003-11-23

Security pros gathering at a Stanford University Law School conference on responsible vulnerability disclosure Saturday harmonized on the principle that vendors should be privately notified of holes in their products, and given at least some time to produce a patch before any public disclosure is made. But there was pronounced disagreement on the question of whether or not researchers should publicly release proof-of-concept code to demonstrate a vulnerability.

Submit Comment Mode:
Name:
Subject:
Message:
 
  Enter the characters that appear above
 
Screw the vendors 2003-11-25
Rodrigo Otaviano <rodrigo (at) otaviano (dot) com [email concealed]>
Well, I think the best way to approach this kind of situation is by firstly contacting the vendor and trying to work with them. When I say "work with them" I mean you need to demonstrate that you are interested in having a fast solution to the problem.

I've recently gone through a similar situati...

[ more ]  




 

Privacy Statement
Copyright 2009, SecurityFocus