[SC-L] On exploits, hubris, and software security
Blue Boar
BlueBoar at thievco.com
Fri Nov 3 12:50:10 EST 2006
Gary McGraw wrote:
> The main thing I wonder is, what do you think? When you have a hot
> demonstration of an exploit, how do you responsibly release it? What
> role do such demonstrations play in moving software security forward?
To pick one extreme, I believe there are times when intentionally
blindsiding a vendor is appropriate:
http://ryanlrussell.blogspot.com/2006/11/you-want-mac-wireless-bugs.html
BB