[VIM] Dana Epp on responsible disclosure and VDB's
Steven M. Christey
coley at mitre.org
Tue Aug 23 16:06:39 EDT 2005
A recent blog entry by Dana Epp calls SecurityFocus to task for
publishing a BID on a third party researcher's report of a buffer
overflow that had not been coordinated with the vendor:

  Please act more responsibly "AT ma CA". And you too Symantec (the
  owners of Security Focus). You aren't helping the industry when you
  do this. You hurt it.

Given the growing frequency of these kinds of complaints, it feels
like vuln DB's are going to be visibly targeted one of these days.