Re: Full Disclosure works, here's proof:

Casper Dik (casper@fwi.uva.nl)
Fri, 02 Dec 1994 15:09:23 +0100

>Besides Spaf's argument that full disclosure has no proof of being
>productive, I think almost everyone I talked with who works in security
>for their vendor agreed that they try to fix security holes as soon as
>possible, and ones that have been publicly disclosed, would take higher
>priority in the list of patches to create.  Only a real bloated and
>bureaucratic organization wouldn't make patches ASAP when customers are
>screaming for them. 
>
>Anyways, it has been less than a week and here's SCO patches.  If 8LGM
>had only reported the bugs to CERT and SCO, who knows how long would we 
>have seen the patches? 

So, tell me, where did the full disclosure take place?

Apparently SCO feels that the disclosure of the fact that there are
bugs was enough to get them off their butts.  So it seems that
time-lapsed full disclosure does work.

We have seen no such fixes with the first batch of immediate full-disclosure
8lgm reports.

Casper