Firewall Wizards mailing list archives

responsible disclosure debate renews;


From: "R. DuFresne" <dufresne () sysinfo com>
Date: Thu, 14 Jan 2010 13:09:50 -0500 (EST)

January 12, The Register - (International) Frustrated bug hunters to expose a flaw a day for a month. A Russian security firm has pledged to release details of previously undisclosed flaws in enterprise applications it has discovered every day for the remainder of January. Intevydis intends to publish advisories on zero-day vulnerabilities in products such as Zeus Web Server, MySQL, Lotus Domino and Informix and Novell eDirectory between January 11 and February 1, a security blogger reports. As an opener, Intevydis published a crash bug in Sun Directory Server 7.0, along with exploit code. The final line-up of zero-days is still being finalised, but the MySQL buffer overflows and IBM DB2 root vulnerability flaws on the provisional menu sound much tastier than Intevydis's somewhat bland opener. Advisories are due to be published on the Intevydis blog here. Intevydis said it launched its campaign after becoming more and more disillusioned with foot-dragging by vendors when confronted by security flaws in their products. Only one software vendor, Zeus, reportedly worked with Intevydis in developing a patch to be released at the same time as an upcoming advisory from the Russian security firm. Intevydis's stance is likely to reboot the long-running debate about the responsible disclosure of security vulnerabilities. An entry on the Intevydis blog accuses software vendors of exploiting researchers as unpaid lackeys. Source: http://www.theregister.co.uk/2010/01/12/enterprise_sec_disclosure_campaign/



Thanks,



Ron DuFresne
-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A  E838 B2DF AFCC 94B0 6629

These things happened. They were glorious and they changed the world...,
and then we fucked up the endgame.    --Charlie Wilson