Quote:
Originally Posted by camh
I'm no moderator, but IMO it's not really appropriate to disclose a security vulnerability in this fashion..
|
Ok, I'll spare both our energies, and keyboards from the argument of disclosure policies / full disclosure etc. I just told that there's a vulnerability, and I never gave out the bug, or exploit details, as an advisory. Since I am in the security industry, I have first hand information about a few or more bugs that I come across from time to time, considering that I warned for the good, you must either applaud me (for warning everyone) or take pains to use it carefully and/or not use it until it's fixed rather than talking about "non disclosure"
Disclosure in one form or the other eliminates false sense of security, and the bug !
cheers,
kish