how we will measure which one is major and which not ? major for you is minor for me and vice versa. if we agree that XSS are vulns (i personally agree) then they deserve to be reported. Just look at the subject of the message that report a XSS and choose to read it or to not read it. XSS are based on bad code practices .. some day the programmers will learn to not make such mistakes if we point them. if we ignore them .... well security is not based on ignorance. Aaron Gray wrote: > Major ones could still be reported on the other lists. > > Aaron > >> something like xsstraq powered on securityfocus should be cleaner yep :) >> >>> Maybe there should be a special XSS list that could specialize in >>> that area ? > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ Javor Ninov aka DrFrancky drfrancky shift+2 securax.org
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/