The value of vulnerabilities

The value of vulnerabilities
Jason Miller, 2006-03-07

There is value in finding vulnerabilities. Yet many people believe that a vulnerability doesn't exist until it is disclosed to the public. We know that vulnerabilities need to be disclosed, but what role do vendors have to make these issues public?

Re: Responsible disclosure 2006-03-14
Robert E. Lee

> I'd submit that to be truly a responsible disclosure, no vulnerability should be released to the entire public without a workaround included.

Sometimes the only workaround is to disable public access to the service or software that is vulnerable. According to our customers of third-party produ...

[ more ]