[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] no more public exploits

To: "chris" <chris@xxxxxxxxxxxxx>
Subject: Re: [Full-Disclosure] no more public exploits
From: "Felipe Cerqueira - skylazart" <skylazart@xxxxxxx>
Date: Wed, 28 Apr 2004 09:33:33 -0300 (BRT)

I Agree!!!!

And, if you want check service packs or patchs, all you need is try to
crash it...

Security companies are getting too much money with our "toys".



> Heres my two cents :-/
>
> Exploit code is better kept private.
> Advisories should be public.
>
> Why?
>
> Because exploit code is not easy to write depending on the bug. And I
> for one sure dont want some 'penetration tester' taking my code and
> plugging it into his automated scanner and collecting the cash. Im far
> to greedy to watch that happen. Sorry.
>
> NON-Disclosure of Exploit code.
> Full-Disclosure of Advisories.
>
> As far as the discussion of sysadmins patching on time or not. All I
> will say is this . . .  if they did patch on time there wouldnt be a
> www.zone-h.org.
>
> - borg (ChrisR-)
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>


- skylazart [at] core.cx

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] no more public exploits
  - From: gcb33

References:
- Re: [Full-Disclosure] no more public exploits
  - From: chris

Prev by Date: Re: [Full-Disclosure] no more public exploits
Next by Date: RE: [Full-Disclosure] no more public exploits
Previous by thread: Re: [Full-Disclosure] no more public exploits
Next by thread: Re: [Full-Disclosure] no more public exploits
Index(es):
- Date
- Thread