Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: DJB's students release 44 *nix software vulnerability advisories

from [D. J. Bernstein] Network Security [Permanent Link]
Subject: Re: DJB's students release 44 *nix software vulnerability advisories
Date: 18 Dec 2004 04:25:11 -0000 
Shu T. Messenger writes:

In each case, Professor Bernstein notified the author of the
vulnerable package on Dec 15 via e-mail. This mail hit Bugtraq on the
16th, giving one day for vendors to provide fixes.


Actually, I sent all of these notifications to the public securesoftware
mailing list (http://securesoftware.list.cr.yp.to) at the same time that
I sent them to the authors. It certainly wasn't my intention to give the
authors an extra day of self-delusion.


Is the class on responsible disclosure next semester perhaps?


If you had bothered to look at the slides on the course web page, you
would have seen a half day dedicated to the topic, plus some examples on
subsequent days of how people react to full disclosure when they're
trying to protect their shoddy security practices.

The reason that the 16 students sent their 91 reports to me privately is
so that they wouldn't have to deal with people like you. It was entirely
my decision to send out these 44 public notices.

---D. J. Bernstein, Associate Professor, Department of Mathematics,
Statistics, and Computer Science, University of Illinois at Chicago
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [ GLSA 200412-13 ] Samba: Integer overflow, Sune Kloppenborg Jeppesen
Next by Date:  Multiple Vulnerabilities In Kayako eSupport v2.x, GulfTech Security
Previous by Thread:  Re: DJB's students release 44 *nix software vulnerability advisories, Julian T J Midgley
Next by Thread:  Re: DJB's students release 44 *nix software vulnerability advisories, Artem Chuprina
Indexes:  [Date] [Thread] [Top] [All Lists]