[VIM] Dana Epp on responsible disclosure and VDB's
Stuart Moore
smoore at securityglobal.net
Tue Aug 23 18:07:39 EDT 2005
Curiously, I cannot find disclosure ("responsible" or not) of this
vulnerability on the vendor's product page ...
Stuart
Stuart Moore wrote:
> Ah, the view from the comfort of your own blog!
>
> Stuart
>
>
> Steven M. Christey wrote:
>
>> A recent blog entry by Dana Epp calls SecurityFocus to task for
>> publishing a BID on a third party researcher's report of a buffer
>> overflow that had not been coordinated with the vendor:
>>
>> Please act more responsibly "AT ma CA". And you too Symantec (the
>> owners of Security Focus). You aren't helping the industry when you
>> do this. You hurt it.
>>
>> http://silverstr.ufies.org/blog/archives/000849.html
>>
>>
>> Given the growing frequency of these kinds of complaints, it feels
>> like vuln DB's are going to be visibly targeted one of these days.
>>
>> - Steve
>>
>