On Mon, 2004-04-05 at 01:05, J.A. Terranson wrote: > 2 on the Troll-O-Meter. Thanks for playing though. Hey, I wasn't trying to troll. I was actually seriously thinking about it. Being relatively new to the security scene I thought it was a valid question. I know the list has degraded somewhat over the past few months but you don't have to have a go at me just for asking a question. I thought the full-disclosure list would be the most appropriate place to ask this sort of question, as I know the majority of the people on this list use sensible disclosure techniques such as RFPolicy. However, if you go to a developer and say 'here is an exploit, you have X days to fix it until I go public', couldn't this be twisted into some sort of blackmail? I'm just trying to think everything through before I start my own research. Cheers, Martin
Attachment:
signature.asc
Description: This is a digitally signed message part