[widdershins] independent security researchers vs companies ?!
Adrian Sanabria
adrian.sanabria at gmail.com
Fri Sep 9 14:44:19 EDT 2005
Don't get me wrong, I agree with Stuart as well. I was originally replying
from the point of view of the article, not my own personally.
I believe that, as long as software companies treat security researchers as
nuisances (when they opt for responsible disclosure) or threats (when they
opt for full public), they're just going to continue making it harder and
harder on themselves.
--Adrian
On 9/9/05, Gmx Private 01 <gegohouse at gmx.at> wrote:
>
>
> I would also agree with Stuart - while responsible disclosure is
> the best way, the reality of it seems to be that people trying to do
> the right thing are "punished" for their effort. As it is now, a
> little pressure could do wonders for a change in attitude.
>
> Full public disclosure seems the only logical response here.
>
>
> cheers,
>
> gego
>
>