[VIM] discuss: secunia footnote

security curmudgeon jericho at attrition.org
Thu Jun 2 17:00:25 EDT 2005



: Well, I can imagine that some of them are able to validate and verify 
: the vulns since some of them are 'fluent C speakers' and they're always 
: looking for people with such skills. But ALL vulns? I don't think that's 
: true...

I am fairly sure they validate and dig into vulnerabilities sometimes, 
just as Christey does. There are times where I get information, dig up a 
changelog entry and move on. Three or four days later Secunia will release 
their advisory with a little more details, and it seems it is from their 
own examination of the code.

But.. how do they validate the high end expensive software? How do they 
validate extremely vague information on closed source products? That is 
where i wonder if the wording is a little far reaching.


More information about the VIM mailing list