[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Fw: Earth to Facebook

To: upsploit advisories <upsploitadvisories@xxxxxxxxxxxx>
Subject: Re: [Full-disclosure] Fw: Earth to Facebook
From: Michal Zalewski <lcamtuf@xxxxxxxxxxx>
Date: Mon, 19 Mar 2012 10:28:40 -0700

> The only other people that see the vulnerability are the select few in
> upSploit.

OK. You should probably document that, and make it clear that this
policy will not change without the reporter's explicit consent.

It's an interesting project - but you guys are working for security
software vendors and security consultancies, so I think it's important
to clarify.

> Use it once for something you may not care about to much and see how it
> works for you.

Well, that's not the point - the real question is what happens with
valuable vulnerabilities. But really, I'm not criticizing.

/mz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- Re: [Full-disclosure] Fw: Earth to Facebook
  - From: upsploit advisories
- Re: [Full-disclosure] Fw: Earth to Facebook
  - From: Michal Zalewski
- Re: [Full-disclosure] Fw: Earth to Facebook
  - From: upsploit advisories

Prev by Date: [Full-disclosure] LiteSpeed <= 4.1.11 Admin panel XSS
Next by Date: Re: [Full-disclosure] The Mystery of the Duqu Framework
Previous by thread: Re: [Full-disclosure] Fw: Earth to Facebook
Next by thread: [Full-disclosure] Android wipe unreliable
Index(es):
- Date
- Thread