[VIM] Responsible Disclosure Article
Steven M. Christey
coley at linus.mitre.org
Thu Sep 28 14:37:29 EDT 2006
On Sat, 16 Sep 2006, security curmudgeon wrote:
> I noticed a year or two ago that some of the big vendors (I think it was
> 'Real' originally) were reporting multiple researchers discovered an issue
> in the advisory. This made me wonder how often that occured, where
> multiple creditees were recognized for a big issue.
Like you, I don't have stats, but this does seem to happen more
frequently. Probably a combination of an increase in the number of
researchers as well as improvements in tools and techniques?
> If two researchers (or more) can find the same bug, and both can sit on
> it for months at a time.. then we would be stupid to believe it stopped
Agreed. And all the recent zero-days show that people ARE looking and
finding things that the public research community hasn't.
More information about the VIM