[VIM] Dana Epp on responsible disclosure and VDB's
Steven M. Christey
coley at mitre.org
Tue Aug 23 16:06:39 EDT 2005

A recent blog entry by Dana Epp calls SecurityFocus to task for
publishing a BID on a third party researcher's report of a buffer
overflow that had not been coordinated with the vendor:

  Please act more responsibly "AT ma CA". And you too Symantec (the
  owners of Security Focus). You aren't helping the industry when you
  do this. You hurt it.

http://silverstr.ufies.org/blog/archives/000849.html

Given the growing frequency of these kinds of complaints, it feels
like vuln DB's are going to be visibly targeted one of these days.

- Steve