[Owasp-Malaysia] How do you disclose vulnerabilities ethically?

najmi.zabidi at gmail.com najmi.zabidi at gmail.com
Wed Mar 23 20:57:58 EDT 2011


Hi,

This is recent SCADA vulnerabilities publicly disclosed

Full-disclosure advisories and proof-of-concepts:

http://seclists.org/bugtraq/2011/Mar/187


If you track down the thread, the emails later "discuss" on public
disclosure without vendor being notified beforehand.

De Raadt reponse:
http://seclists.org/bugtraq/2011/Mar/236


But I keep wonder why SCADA has to be connected through Internet? Does
"Die Hard 4" not teach you anything?





-- 
Join #ISOC [Internet Society] today and create connections with
Internet Users around the world!

Simplified Link: http://goo.gl/xmG90


More information about the Owasp-Malaysia mailing list