[251] in bugtraq
Re: In reply to comments about new policy
daemon@ATHENA.MIT.EDU (Greg Woods)
Tue Nov 29 16:39:18 1994
To: neil@legless.demon.co.uk (Neil Woods)
Date: Tue, 29 Nov 94 11:18:06 MST
Cc: bugtraq@fc.net
In-Reply-To: <m0rCHck-000AfbC@legless.demon.co.uk>; from "Neil Woods" at Nov 29, 94 1:44 am
From: woods@ncar.ucar.edu (Greg Woods)
I think you need to define what you mean by "full disclosure" here. I'm
all in favor of immediate disclosure of holes and descriptions of how
to exploit them, but I am against including with the first disclosure
actual programs and scripts that make it trivial for any bozo who
hasn't a clue to exploit the holes. Should I vote "yes" or "no" to
express that opinion?
--Greg (root@ucar.edu)