[VIM] r0t is back - who's running the betting pool?
Steven M. Christey
coley at mitre.org
Tue Mar 28 00:16:58 EST 2006

OK, so us vuln DBs know that r0t is apparently back. Anybody want to
run the betting pool?

1) When will we see the first vendor dispute in which the vendor
   doesn't actually understand XSS and needs to be educated?

2) When will we see the first vendor dispute in which the vendor
   claims that the reported SQL injection isn't a problem and we can't
   prove that it's nothing more than a forced invalid SQL because r0t
   used a ' and nothing else?

3) When will the first threatened lawsuit take place and how quickly
   will the vendor retract it once proven wrong?

4) When will we see an issue for a live site or service provider that
   theoretically should not be included in vdb's based on editorial
   policy but gets included anyway 'cause we're drowning in the
   volume?

5) Why is this humorous at all? :-/

Still wishing for a magical r0t-to-CVE automatic converter...

And I'll buy a beer for anyone who's willing to write a generic "so, a
14 year old has reported a blatantly obvious XSS or SQL injection vuln
in your product and you want to sue us" FAQ.

- Steve