[Full-Disclosure] atrticle in: Security Wire Perspectives, Vol. 5, NO. 93, December 19, 2003

[Ron DuFresne <dufresne@winternet.com>]

Was Shawna McAlearney's assessment of Liu Die Yu's recent findings in M$
products correct in stating his inticement was:

<quote>
Several weeks ago Chinese researcher Liu Die Yu posted several
Internet Explorer flaws to the Full-Disclosure security mailing list.
His reasoning: Microsoft hasn't given him credit for prior
vulnerabilities he reported.
</quote>

Was this correct?  I do not have all the original posts on hand, but, I
do not recall any lament about M$ not giving him the recognition
he felt was deserved for previous findings, though I may well have missed
this.  The reason I ask is, there has been a large shift in the security
"lists/field/top dogs" in trying to avoid casting blame/responsibility at
M$ for the products it has pushed into the market place, perhaps due to the
deep pockets and breadth of market saturation, thus dependance of many
upon the M$ pocketbook to feed the rest of the industry in one fashion or
another.  The critical  articles of a year+ past seem to now, especially
after the @stake recent actions, to be focused these days upon
avoiding mentioning the shortcomings from redmond.  Are others reading the
same these days?

Thanks,


Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html