[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Linux's unofficial security-through-coverup policy

To: Valdis.Kletnieks@xxxxxx
Subject: Re: [Full-disclosure] Linux's unofficial security-through-coverup policy
From: A.L.M.Buxey@xxxxxxxxxxx
Date: Thu, 17 Jul 2008 08:21:15 +0100

Hi,

> Please let them know what you think of their policy of non-disclosure
> and coverups.  I hope someone also educates them on their ridiculous

http://www.kernel.org/pub/linux/kernel/v2.6/

the whole source code for Linux kernel available for _anyone_
to download, scan through, run tools against etc etc.

they have a policy of non-disclosure?  Wierd. Last time I checked
I couldnt get the source code for Windows, IOS, OSX Intel from
a repository open to anyone.  and yet those companies have
a good disclosure policy?  I dont get your point. You want them
to specifically state how a vulnerability might actually
WORK and even give you some example code to make your life easier?

alan

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Linux's unofficial security-through-coverup policy
  - From: Brad Spengler

References:
- [Full-disclosure] Linux's unofficial security-through-coverup policy
  - From: Brad Spengler
- Re: [Full-disclosure] Linux's unofficial security-through-coverup policy
  - From: Valdis . Kletnieks

Prev by Date: Re: [Full-disclosure] Linux's unofficial security-through-coveruppolicy
Next by Date: Re: [Full-disclosure] n3td3v
Previous by thread: Re: [Full-disclosure] [Dailydave] Linux's unofficial security-through-coverup policy
Next by thread: Re: [Full-disclosure] Linux's unofficial security-through-coverup policy
Index(es):
- Date
- Thread