[VIM] Vendor dispute - CVE-2006-1050 (Kwik-Pay)
Aviram Jenik
aviram at beyondsecurity.com
Thu Feb 15 04:11:30 EST 2007
On Thursday 15 February 2007 07:45, Steven M. Christey wrote:
> Oh yeah, Gadi/Aviram - Brian and I have adopted an informal policy of
> stripping out vendor email addresses for disputes, since some might be
> private.
>
> CVE has no opinion on this dispute.
Then "CVE" must have much more patience than I do :-)
Not sure how you resolve cases like this (when it's obvious the vendor is
talking out of his ass) but what we usually do is add the vendor's response
to the advisory - verbatim. This way the vendor gets his say, and his
customers get to see how stupid he really is. Seems like a win-win to us.
>
> - Steve
>
- Aviram
More information about the VIM
mailing list