Don't get me wrong, I agree with Stuart as well. I was originally
replying from the point of view of the article, not my own personally. <br>
<br>
I believe that, as long as software companies treat security
researchers as nuisances (when they opt for responsible disclosure) or
threats (when they opt for full public), they're just going to continue
making it harder and harder on themselves.<br>
<br>
--Adrian<br><br><div><span class="gmail_quote">On 9/9/05, <b class="gmail_sendername">Gmx Private 01</b> &lt;<a href="mailto:gegohouse@gmx.at">gegohouse@gmx.at</a>&gt; wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br>I would also agree with Stuart - while responsible disclosure is<br>the best way, the reality of it seems to be that people trying to do<br>the right thing are "punished" for their effort. As it is now, a<br>
little pressure could do wonders for a change in attitude.<br><br>Full public disclosure seems the only logical response here.<br><br><br>cheers,<br><br>gego<br><br><br>_______________________________________________<br>widdershins mailing list
<br><a href="mailto:widdershins@attrition.org">widdershins@attrition.org</a><br><a href="http://www.attrition.org/mailman/listinfo/widdershins">http://www.attrition.org/mailman/listinfo/widdershins</a><br></blockquote></div>
<br>