[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

oracle not only offeder - researchers NOT responsible?

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: oracle not only offeder - researchers NOT responsible?
From: Gadi Evron <ge@xxxxxxxxxxxx>
Date: Sun, 11 Dec 2005 02:38:52 +0200

The following is a very well researched text from Matthew Murphy's blog discussing the matter of disclosing vulnerabilities to many vendors (and specifically Microsoft). Further, as I understand it, he shows how vendors today use terms such as "responsible disclosure" to scare researchers and claim they are NOT responsible if they don't do it their way.

While I certainly did not dispute the facts that David Litchfield showed of Oracle's behaviour, I did not agree with how he did it or that Oracle is alone.

Oracle is not the only offender, and while I agree that Microsoft has come a LONG way and takes security a whole lot more seriously than they used to.. they still seem to not understand the security community and treat security as a PR problem.

He shows specific cases and vulnerabilities, and is worth a read. Quite Refreshing and very informative.

http://blogs.securiteam.com/index.php/archives/133

        Gadi.

Prev by Date: Re: Re: [KAPDA::#16] - SMF SQL Injection
Next by Date: Re: Re: [KAPDA::#16] - SMF SQL Injection
Previous by thread: Re: [Full-disclosure] [scip_Advisory] NetGear RP114 Flooding Denial ofService
Next by thread: [USN-227-1] xpdf vulnerabilities
Index(es):
- Date
- Thread