[VIM] HP & an interesting comment

security curmudgeon jericho at attrition.org
Tue May 8 03:58:38 UTC 2007


In a private e-mail discussion regarding vulnerability disclosure, this 
comment was made. I asked to forward to VIM and anonymize, the researchers 
in question agreed. Since we are keeping track of vendor threats, this is 
fringe related I think.

---------- Forwarded message ----------
Date: Mon, 7 May 2007 20:31:43 -0700

I had a very interesting phone conversation with HP a couple months ago 
when I reported a vuln that [researcher] found (not fixed yet).  They 
definately need a clue.  In fact the person handling the case even went 
out of his way to state; "You know we are the company that sued a 
researcher right".  I said yes, and you know that we have various 
partnerships and are a X billion a year company right?

I honestly think that many vendors will attempt to bully the smaller 
researchers because they can while the bigger companies are left alone.


More information about the VIM mailing list