[VIM] Bogus RFI Reports Getting Out of Hand
bugtraq at cgisecurity.net
Mon Jan 8 02:16:40 EST 2007
> : Should the moderators be performing analysis of each post in detail
> : before allowing it to post? I'm thinking this would drag out the
> : postings to the point of being lagged weeks behind the other lists. Have
>
> I don't. The moderation is already a bit slow at times, especially on
> holidays or anytime there is a transition between moderators.
> Unfortunately, they really can't even take my suggestion to heart because
> it would likely block a handful of legitimate disclosures, and that
> doesn't fly.
Have they responded to emails about specific vulnerabilities by VIM by updating vulns posted on their site?
> : you considered making a list of bogus vuln authors and forwarding them
> : to the list moderators?
>
> Yes. OSVDB is adding all of these bogus reports to our database and
> tracking creditee with the intent of being able to easily generate such a
> list for many purposes, including that.
>
> Call me a bastard, but I'd like to see the people *repeatedly* posting
> bogus RFI bugs get harassed more so they stop posting without validating
> their findings.
Maybe you should draft up a top ten bogus vuln finders article and post it to the lists :)
It would be interesting to see statistics regarding if the 'disclosure' knew it was fake, or if they thought it was real.
- zeno
http://www.cgisecurity.com/ Application Security news, and more
http://www.cgisecurity.com/index.rss [RSS Security Feed]