Date: Sun, 26 Jul 2015 07:55:54 +1000 (EST)
From: Dave Horsfall <dave@...sfall.org>
To: oss-security@...ts.openwall.com
Subject: Re: Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser

On Sat, 25 Jul 2015, Leif Nixon wrote:

> What many people don't seem to realize is how much the availability of
> ready-to-run exploits increases the risk to innocent bystanders.

Although a supporter of full disclosure (it was the only way to get MS to
fix their egregious bugs), I'd be really pissed off if I woke up one
morning to find my system r00ted because some idiot got his jollies by
announcing the exploit at the same time as the patch.

What would be a reasonable interval (for some definition of "reasonable")
in that case? 24 hours? 48 hours? 0 hours?

I seem to recall that we had this discussion a few years ago...

--
Dave Horsfall DTM (VK2KFU) "Those who don't understand security will suffer"
Watson never said "I think there is a world market for maybe five computers."