[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] no more public exploits

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] no more public exploits
From: chris <chris@xxxxxxxxxxxxx>
Date: Tue, 27 Apr 2004 13:19:44 -0400

Heres my two cents :-/

Exploit code is better kept private.
Advisories should be public.

Why?

Because exploit code is not easy to write depending on the bug. And I for one sure dont want some 'penetration tester' taking my code and plugging it into his automated scanner and collecting the cash. Im far to greedy to watch that happen. Sorry.

NON-Disclosure of Exploit code.
Full-Disclosure of Advisories.

As far as the discussion of sysadmins patching on time or not. All I will say is this . . . if they did patch on time there wouldnt be a www.zone-h.org.

- borg (ChrisR-)


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] no more public exploits
  - From: james
- Re: [Full-Disclosure] no more public exploits
  - From: Felipe Cerqueira - skylazart

Prev by Date: RE: [Full-Disclosure] programming
Next by Date: RE: [Full-Disclosure] no more public exploits and general PoC gui de lines
Previous by thread: Re: [Full-Disclosure] no more public exploits
Next by thread: Re: [Full-Disclosure] no more public exploits
Index(es):
- Date
- Thread