[Owasp-Malaysia] How do you disclose vulnerabilities ethically?
albert_siow at yahoo.com
Wed Mar 23 21:34:22 EDT 2011
This has been widely discussed in SecurityFocus forum, it won't be necessary to discuss here. Further more, this is NOT a Web Security Issue!
--- On Thu, 3/24/11, najmi.zabidi at gmail.com <najmi.zabidi at gmail.com> wrote:
> From: najmi.zabidi at gmail.com <najmi.zabidi at gmail.com>
> Subject: [Owasp-Malaysia] How do you disclose vulnerabilities ethically?
> To: "owasp-malaysia" <owasp-malaysia at lists.owasp.org>
> Date: Thursday, March 24, 2011, 8:57 AM
> This is recent SCADA vulnerabilities publicly disclosed
> Full-disclosure advisories and proof-of-concepts:
> If you track down the thread, the emails later "discuss" on
> disclosure without vendor being notified beforehand.
> De Raadt reponse:
> But I keep wonder why SCADA has to be connected through
> Internet? Does
> "Die Hard 4" not teach you anything?
> Join #ISOC [Internet Society] today and create connections
> Internet Users around the world!
> Simplified Link: http://goo.gl/xmG90
> Owasp-Malaysia mailing list
> Owasp-Malaysia at lists.owasp.org
> OWASP Malaysia Wiki
> OWASP Malaysia Facebook
> OWASP Malaysia Twitter #owaspmy
More information about the Owasp-Malaysia