[VIM] Vendor dispute - CVE-2006-1050 (Kwik-Pay)

Aviram Jenik aviram at beyondsecurity.com
Thu Feb 15 04:11:30 EST 2007


On Thursday 15 February 2007 07:45, Steven M. Christey wrote:
> Oh yeah, Gadi/Aviram - Brian and I have adopted an informal policy of
> stripping out vendor email addresses for disputes, since some might be
> private.
>
> CVE has no opinion on this dispute.

Then "CVE" must have much more patience than I do :-)

Not sure how you resolve cases like this (when it's obvious the vendor is 
talking out of his ass) but what we usually do is add the vendor's response 
to the advisory - verbatim. This way the vendor gets his say, and his 
customers get to see how stupid he really is. Seems like a win-win to us.

>
> - Steve
>

- Aviram


More information about the VIM mailing list