
Re: [Full-disclosure] Firefox Remote Compromise Leaked



On Sunday 08 May 2005 10:14, Jason Coombs wrote:

> Nothing at all would have been gained by delaying disclosure, other than
> to give attackers a bigger window of opportunity to mount successful
> attacks and design new exploits that will launch successfully against a
> completely unprepared computing public.

Most of the time disclosure is delayed to allow the vendor to fix a security 
bug. If you find a security bug and give the vendor five days to fix it 
before you release the disclosure advisory there's a smaller chance that the 
vulnerability will be exploited by malicious people.

Full disclosure works because it forces vendors to actually fix a security 
problem, and delaying a disclosure for a couple of days doesn't hurt that way 
of working.

 - Vincent van Scherpenseel

-- 
http://vincent.vanscherpenseel.nl/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/