[VIM] Dana Epp on responsible disclosure and VDB's

Steven M. Christey coley at mitre.org
Tue Aug 23 16:06:39 EDT 2005

A recent blog entry by Dana Epp calls SecurityFocus to task for
publishing a BID on a third party researcher's report of a buffer
overflow that had not been coordinated with the vendor:

  Please act more responsibly "AT ma CA". And you too Symantec (the
  owners of Security Focus). You aren't helping the industry when you
  do this. You hurt it.


Given the growing frequency of these kinds of complaints, it feels
like vuln DB's are going to be visibly targeted one of these days.

- Steve

More information about the VIM mailing list