The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


oracle not only offeder - researchers NOT responsible?


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
Date: Sun, 11 Dec 2005 02:38:52 +0200
From: Gadi Evron <ge@linuxbox.org.>
To: [email protected]
Subject: oracle not only offeder - researchers NOT responsible?
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeded SMTP AUTH authentication, not delayed by milter-greylist-1.7.5 (linuxbox.org [24.155.83.21]); Sat, 10 Dec 2005 18:39:59 -0600 (CST)
X-Virus-Scanned: antivirus-gw at tyumen.ru

The following is a very well researched text from Matthew Murphy's blog 
discussing the matter of disclosing vulnerabilities to many vendors (and 
specifically Microsoft). Further, as I understand it, he shows how 
vendors today use terms such as "responsible disclosure" to scare 
researchers and claim they are NOT responsible if they don't do it their 
way.

While I certainly did not dispute the facts that David Litchfield showed 
of Oracle's behaviour, I did not agree with how he did it or that Oracle 
is alone.

Oracle is not the only offender, and while I agree that Microsoft has 
come a LONG way and takes security a whole lot more seriously than they 
used to.. they still seem to not understand the security community and 
treat security as a PR problem.

He shows specific cases and vulnerabilities, and is worth a read. Quite 
Refreshing and very informative.

http://blogs.securiteam.com/index.php/archives/133

        Gadi.

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру