[16497] in bugtraq
Bugs for Beta, EOL'd products
daemon@ATHENA.MIT.EDU (jsl2@JEDITECH.COM)
Fri Sep 1 17:51:21 2000
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-ID: <Pine.GSO.4.10.10008311802500.17467-100000@stargazer.jeditech.com>
Date: Thu, 31 Aug 2000 18:13:19 -0700
Reply-To: jsl2@JEDITECH.COM
From: jsl2@JEDITECH.COM
X-To: "Jay D. Dyson" <jdyson@treachery.net>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.GSO.3.96.1000831142857.22070A-100000@crypto>
On Thu, 31 Aug 2000, Jay D. Dyson wrote:
> I don't typically do this, but I feel I must question the validity
> (and even the value) of issuing a DoS advisory on products that are either
> in Beta or no-longer-supported.
I agree, beta == bugs. Not much value publishing bugs for Beta stuff.
(Other than notifying the vendor, that is)
However, I think it is useful to know about vulnurabilities in EOL
(end of life'ed) products, so people who still use them - for whatever reason
- are informed of the problems. Just don't expect any vendor support... and
it is very important to point out in the advisories that something is
no-longer-supported.
-James
