[VIM] Dana Epp on responsible disclosure and VDB's

Steven M. Christey coley at mitre.org
Tue Aug 23 16:06:39 EDT 2005


A recent blog entry by Dana Epp calls SecurityFocus to task for
publishing a BID on a third party researcher's report of a buffer
overflow that had not been coordinated with the vendor:

  Please act more responsibly "AT ma CA". And you too Symantec (the
  owners of Security Focus). You aren't helping the industry when you
  do this. You hurt it.

  http://silverstr.ufies.org/blog/archives/000849.html


Given the growing frequency of these kinds of complaints, it feels
like vuln DB's are going to be visibly targeted one of these days.

- Steve

