[15616] in cryptography@c2.net mail archive
Re: Is finding security holes a good idea?
daemon@ATHENA.MIT.EDU (Thor Lancelot Simon)
Tue Jun 15 14:52:30 2004
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Tue, 15 Jun 2004 02:32:56 -0400
From: Thor Lancelot Simon <tls@rek.tjls.com>
To: cryptography@metzdowd.com
Reply-To: tls@rek.tjls.com
In-Reply-To: <kjy8mqji00.fsf@romeo.rtfm.com>
On Mon, Jun 14, 2004 at 08:07:11AM -0700, Eric Rescorla wrote:
> in the paper.
>
> Roughly speaking:
> If I as a White Hat find a bug and then don't tell anyone, there's no
> reason to believe it will result in any intrusions. The bug has to
I don't believe that the premise above is valid. To believe it, I think
I'd have to hold that there were no correlation between bugs I found and
bugs that others were likely to find; and a lot of experience tells me
very much the opposite.
Thor
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
