Re: Full Disclosure of Security Vulnerabilities

From: Joxean Koret (joxeankoret@yahoo.es)
Date: Wed Oct 31 2007 - 20:03:10 EST


Hi,

Make it public *only* if you're sure you will be free of problems after
it... If it will cause you any kind of problem you should ignore it.

Joxean Koret

On mié, 2007-10-31 at 17:00 +0000, jfvanmeter@comcast.net wrote:
> Hello Everyone, I would like to get your thoughts on Full Disclosure of Security Vulnerabilities. About 3 weeks ago during a pen-test of a software suite for a client of mine, I found a directory traversal in a software suite that my client has installed on thousands of workstations.
>
> I sent screenshots and a packet capture to the vendor and they were able to recreate the exploit.
>
> My client doesn't want to go public with it because of the thousands of workstations and servers that it's installed on. I also don't believe the vendor will go public with it. What would you all do?
>
> Best Regards --John
>


                




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:11 EDT