[VIM] HP & an interesting comment
security curmudgeon
jericho at attrition.org
Tue May 8 03:58:38 UTC 2007
In a private e-mail discussion regarding vulnerability disclosure, this
comment was made. I asked to forward to VIM and anonymize, the researchers
in question agreed. Since we are keeping track of vendor threats, this is
fringe related I think.
---------- Forwarded message ----------
Date: Mon, 7 May 2007 20:31:43 -0700
I had a very interesting phone conversation with HP a couple months ago
when I reported a vuln that [researcher] found (not fixed yet). They
definately need a clue. In fact the person handling the case even went
out of his way to state; "You know we are the company that sued a
researcher right". I said yes, and you know that we have various
partnerships and are a X billion a year company right?
I honestly think that many vendors will attempt to bully the smaller
researchers because they can while the bigger companies are left alone.
More information about the VIM
mailing list