
[Full-Disclosure] satire on vendor responses



here is some satire on how some vendors may respond to reported security
problems.

completely fictional, any resemblance to real world or real events is just
a hallucination.


1.
http://www.microsoft.com
financial empire waiting for the fate of previous empires

automated response "thanks for being a free beta tester!"
the media is told "bug hunters" are irresponsible cyber terrorists.
have enough money and enough brain to shutdown hotmail accounts.
later a patch is produced, in some cases introducing more problems.
visiting malicious web sites is not real exploit scenario.

2.
http://www.openbsd.org
Theo Deraddt, author of only one remote hole in 2^32 years.

imaginary quotes from fabricated email:
---------------------
From: Theo de Raadt 

it is just a crash.

> btw, Ted Unangst <tedu@> seems better than you in PR
> bug handling. have you thought about outsourcing the PR bug handling
> to him?

he is not better at it.  he only works in certain areas.  but i work
all over the place, and can spray an issue out to the relevant people
very often.  i'm always around...
----------------------

----------------------
From: Theo de Raadt <deraadt@xxxxxxxxxxxxxxx>

and I TOLD you to hold off

and then you didn't.

Look, you release bugs not to help us.  You do it for yourself.

Don't take me for a fool.
---------------------------

// end of fabricated quotes


3. 
http://www.kernel.org
Linus Torvalds, an engineer, some funny quotes on wikiquotes.

Linus: "hmmmm, there might be more ones like this. how did you find it?"

4. 
http://www.mozilla.org
Let there be dragons and foxen

mozilla: "we give cash for security bugs"


-- 
where do you want bill gates to go today?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html