[VIM] r0t is back - who's running the betting pool?
sullo at cirt.net
Tue Mar 28 00:31:35 EST 2006
Steven M. Christey wrote:
What can i get if i win? someone buys me a beer in vegas?
> 1) When will we see the first vendor dispute in which the vendor
> doesn't actually understand XSS and needs to be educated?
> 2) When will we see the first vendor dispute in which the vendor
> claims that the reported SQL injection isn't a problem and we can't
> prove that it's nothing more than a forced invalid SQL because r0t
> used a ' and nothing else?
> 3) When will the first threatened lawsuit take place and how quickly
> will the vendor retract it once proven wrong
Advisory #3, #5
> 4) When will we see an issue for a live site or service provider that
> theoretically should not be included in vdb's based on editorial
> policy but gets included anyway 'cause we're drowning in the
#1, 3, 4, 5, 6
> 5) Why is this humorous at all? :-/
See 1-4 above... you have to keep a sense of humor!
> And I'll buy a beer for anyone who's willing to write a generic "so, a
> 14 year old has reported a blatantly obvious XSS or SQL injection vuln
> in your product and you want to sue us" FAQ.
how much beer? :-)
http://www.cirt.net/ | http://www.osvdb.org/
More information about the VIM