[301] in bugtraq

Re: Full Disclosure works, here's proof:

daemon@ATHENA.MIT.EDU (Casper Dik)
Fri Dec 2 12:53:44 1994

To: Christopher Klaus <cklaus@shadow.net>
Cc: bugtraq@fc.net
In-Reply-To: Your message of "Thu, 01 Dec 1994 01:07:42 EST."
             <199412010607.BAA24445@shadow.net> 
Date: Fri, 02 Dec 1994 15:09:23 +0100
From: Casper Dik <casper@fwi.uva.nl>


>Besides Spaf's argument that full disclosure has no proof of being
>productive, I think almost everyone I talked with who works in security
>for their vendor agreed that they try to fix security holes as soon as
>possible, and ones that have been publicly disclosed, would take higher
>priority in the list of patches to create.  Only a real bloated and
>bureaucratic organization wouldn't make patches ASAP when customers are
>screaming for them. 
>
>Anyways, it has been less than a week and here's SCO patches.  If 8LGM
>had only reported the bugs to CERT and SCO, who knows how long would we 
>have seen the patches? 

So, tell me, where did the full disclosure take place?

Apparently SCO feels that the disclosure of the fact that there are
bugs was enough to get them off their butts.  So it seems that
time-lapsed full disclosure does work.

We have seen no such fixes with the first batch of immediate full-disclosure
8lgm reports.

Casper
