The value of vulnerabilities

The value of vulnerabilities
Jason Miller, 2006-03-07

There is value in finding vulnerabilities. Yet many people believe that a vulnerability doesn't exist until it is disclosed to the public. We know that vulnerabilities need to be disclosed, but what role do vendors have to make these issues public?

The value of vulnerabilities 2006-03-10
Max

Well I think both the vendor and the researcher are partly at fault. In a circumstance, this happens alot it seems, where the vendor is contacted by the researcher about a new vulnerability and exploit, and the vendor does nothing at all...the researchers best next move is to make the vulnerability...

[ more ]