[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Vulnerabilities in some SCADA server softwares

To: "J. Oquendo" <sil@xxxxxxxxxxxxxxx>
Subject: Re: Vulnerabilities in some SCADA server softwares
From: Luigi Auriemma <aluigi@xxxxxxxxxxxxx>
Date: Mon, 21 Mar 2011 20:02:31 +0000

> At what point in time did you try contacting any of the vendors for
> these issues?

the vendors of the affected softwares have not been contacted.


> How do you propose a manufacturer fix an issue?

in the security field a public vulnerability is a dead vulnerability,
anyone who has found and released at least one security bug in his life
knows it and knows to what I refer.

90% of the job of fixing a bug is just finding it first, I have even
showed the details, the causes and the ways to replicate them.


> Where in any of your advisories did you take the time to let a company
> know: "hey you guys have some potential issues, here they are!!!"

I have done it in the exact moment that I have uploaded my advisories on
my website making anyone aware of the problems, included the same
vendors that now can fix them.


--- 
Luigi Auriemma
http://aluigi.org

References:
- Vulnerabilities in some SCADA server softwares
  - From: Luigi Auriemma
- Re: Vulnerabilities in some SCADA server softwares
  - From: J. Oquendo

Prev by Date: Re: Vulnerabilities in some SCADA server softwares
Next by Date: [SECURITY] [DSA 2197-1] quagga security update
Previous by thread: Re: Vulnerabilities in some SCADA server softwares
Next by thread: Re: Vulnerabilities in some SCADA server softwares
Index(es):
- Date
- Thread