[SC-L] [WEB SECURITY] RE: blog post and open source vulnerabilities to blog about
Matt Parsons
mparsons1980 at gmail.com
Tue Mar 16 15:52:04 EDT 2010
I am not suggesting exposing zero days. I only want known vulnerabilities
in applications like WebGoat, etc., that are known to everyone. I don't even
plan on naming where each vulnerability comes from but rather instead change
the code to protect the innocent. I would never encourage promoting sharing
zero days. I hope this clears it up.
Thanks,
Matt
Matt Parsons, MSM, CISSP
315-559-3588 Blackberry
817-294-3789 Home office
"Do Good and Fear No Man"
Fort Worth, Texas
A.K.A The Keyboard Cowboy
mailto:mparsons1980 at gmail.com
http://www.parsonsisconsulting.com
http://www.o2-ounceopen.com/o2-power-users/
http://www.linkedin.com/in/parsonsconsulting
http://parsonsisconsulting.blogspot.com/
http://www.vimeo.com/8939668
From: Arshan Dabirsiaghi [mailto:arshan.dabirsiaghi at aspectsecurity.com]
Sent: Tuesday, March 16, 2010 2:49 PM
To: McGovern, James F. (P+C Technology); Matt Parsons;
OWASPDallas at utdallas.edu
Cc: websecurity at webappsec.org; SC-L at securecoding.org
Subject: RE: [WEB SECURITY] RE: [SC-L] blog post and open source
vulnerabilities to blog about
I'm not sure Matt was suggesting burning sharing 0days, but if he was, I
think he should not be discouraged. I think disclosure preference should be
something like a "protected class" within OWASP.
Arshan
From: McGovern, James F. (P+C Technology)
[mailto:James.McGovern at thehartford.com]
Sent: Tuesday, March 16, 2010 2:36 PM
To: Matt Parsons; OWASPDallas at utdallas.edu
Cc: websecurity at webappsec.org; SC-L at securecoding.org
Subject: [WEB SECURITY] RE: [SC-L] blog post and open source vulnerabilities
to blog about
This doesn't feel like responsible disclosure and is not the way to announce
weaknesses in software. It is best to deal with scenarios that have already
been addressed.
_____
From: sc-l-bounces at securecoding.org [mailto:sc-l-bounces at securecoding.org]
On Behalf Of Matt Parsons
Sent: Tuesday, March 16, 2010 11:41 AM
To: OWASPDallas at utdallas.edu
Cc: websecurity at webappsec.org; SC-L at securecoding.org
Subject: [SC-L] blog post and open source vulnerabilities to blog about
Hello,
I am working on a software security blog and I am trying to find open source
vulnerabilities to present and share. Does anyone else have any open source
vulnerabilities that they could share and talk about? I think this could
be the best way to learn in the open source community about security. I
have a few but I would like to blog about a different piece of code almost
every day.
God Bless.
Matt
http://parsonsisconsulting.blogspot.com/