[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] Re: Publishing exploit code - what is it good for
- To: Aviram Jenik <aviram@xxxxxxxxxxxxxxxxxx>
- Subject: [Full-disclosure] Re: Publishing exploit code - what is it good for
- From: Skip Carter <skip@xxxxxxxxxxx>
- Date: Thu, 30 Jun 2005 11:18:52 -0700
> I recently had a discussion about the concept of full disclosure with one of
> the top security analysts in a well-known analyst firm. Their claim was that
> companies that release exploit code (like us, but this is also relevant for
> bugtraq, full disclosure, and several security research firms) put users at
> risks while those at risk gain nothing from the release of the exploit.
> reluctant. Their claim was that based on their own work experience, a
> security administrator does not have a need for the exploit code itself, and
> the vendor information is enough. The analyst was willing to reconsider their
I think its a question of what the role of the 'security administrator' is
within
the enterprise. If their job is primarily threat evaluation and appropriate
patching/updating in response, then I agree that the publication of an exploit
is not very helpful. If, however, the job is firewall/IDS management or
incident investigation, then having access to actual exploit code is
extremely valuable to have.
--
Dr. Everett (Skip) Carter Phone: 831-641-0645 FAX: 831-641-0647
Taygeta Network Security Services email: skip@xxxxxxxxxxx
1340 Munras Ave., Suite 314 WWW: http://www.taygeta.net/
Monterey, CA. 93940
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/