[Owasp-Malaysia] How do you disclose vulnerabilities ethically?

Albert Siow albert_siow at yahoo.com
Wed Mar 23 21:34:22 EDT 2011


Guy,
 This has been widely discussed in SecurityFocus forum, it won't be necessary to discuss here. Further more, this is NOT a Web Security Issue!


--- On Thu, 3/24/11, najmi.zabidi at gmail.com <najmi.zabidi at gmail.com> wrote:

> From: najmi.zabidi at gmail.com <najmi.zabidi at gmail.com>
> Subject: [Owasp-Malaysia] How do you disclose vulnerabilities ethically?
> To: "owasp-malaysia" <owasp-malaysia at lists.owasp.org>
> Date: Thursday, March 24, 2011, 8:57 AM
> Hi,
> 
> This is recent SCADA vulnerabilities publicly disclosed
> 
> Full-disclosure advisories and proof-of-concepts:
> 
> http://seclists.org/bugtraq/2011/Mar/187
> 
> 
> If you track down the thread, the emails later "discuss" on
> public
> disclosure without vendor being notified beforehand.
> 
> De Raadt reponse:
> http://seclists.org/bugtraq/2011/Mar/236
> 
> 
> But I keep wonder why SCADA has to be connected through
> Internet? Does
> "Die Hard 4" not teach you anything?
> 
> 
> 
> 
> 
> -- 
> Join #ISOC [Internet Society] today and create connections
> with
> Internet Users around the world!
> 
> Simplified Link: http://goo.gl/xmG90
> _______________________________________________
> Owasp-Malaysia mailing list
> Owasp-Malaysia at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
> 
> OWASP Malaysia Wiki
> http://www.owasp.my
> 
> OWASP Malaysia Facebook
> http://www.facebook.com/OWASP.Malaysia
> 
> OWASP Malaysia Twitter #owaspmy
> http://www.twitter.com/owaspmy
> 


      


More information about the Owasp-Malaysia mailing list