[VIM] Bogus RFI Reports Getting Out of Hand

bugtraq at cgisecurity.net bugtraq at cgisecurity.net
Mon Jan 8 02:16:40 EST 2007

> : Should the moderators be performing analysis of each post in detail 
> : before allowing it to post? I'm thinking this would drag out the 
> : postings to the point of being lagged weeks behind the other lists. Have 
> I don't. The moderation is already a bit slow at times, especially on 
> holidays or anytime there is a transition between moderators. 
> Unfortunately, they really can't even take my suggestion to heart because 
> it would likely block a handful of legitimate disclosures, and that 
> doesn't fly.

Have they responded to emails about specific vulnerabilities by VIM by updating vulns posted on their site?

> : you considered making a list of bogus vuln authors and forwarding them 
> : to the list moderators?
> Yes. OSVDB is adding all of these bogus reports to our database and 
> tracking creditee with the intent of being able to easily generate such a 
> list for many purposes, including that.
> Call me a bastard, but I'd like to see the people *repeatedly* posting 
> bogus RFI bugs get harassed more so they stop posting without validating 
> their findings.

Maybe you should draft up a top ten bogus vuln finders article and post it to the lists :)
It would be interesting to see statistics regarding if the 'disclosure' knew it was fake, or if they thought it was real.

- zeno
http://www.cgisecurity.com/ Application Security news, and more
http://www.cgisecurity.com/index.rss [RSS Security Feed]
