Re: Re: Uncooperative upstream developers: msg#00018

Download Firefox: Windows, Mac OS X

Re: Re: Uncooperative upstream developers: msg#00018

Subject:	Re: Re: Uncooperative upstream developers

On Mon, Oct 10, 2005 at 09:38:21PM +0200, Javier Fernández-Sanguino Peña wrote:
> Here's what I would say, based on past experience:
> 
> Notes to upstream developers regarding security bugs
> -----------------------------------------------------

[...]

Great! I'll start using that when reporting issues to smaller projects.

When I talk to bigger projects, I think I'll just add something like this to
the top:

****************************************
*               IMPORTANT              *
* PLEASE DO NOT ACT ON OR PUBLISH THIS *
*        UNTIL THE RELEASE DATE        *
****************************************

> 3.- Review the bug and make sure it's relevant. If you don't understand
>     the issue we will gladly describe it to you. We don't usually write
>     exploit code for issues, however, our game is finding bugs, not
>     exploiting them.

I often write some half-baked crash exploit to verify that an issue is a
real issue. Steve sometimes write real exploits.

// Ulf

Special educational offers, white papers, webcasts, podcasts

Free Article: How to use the Scrum project management method with IBM Rational Team Concert and the Jazz platform.

Free Article: Test management with Jazz and IBM Rational Team Concert

WEBCAST: Register for “The Business Benefits of Enterprise Mashups” (Case Study)

WEBCAST: How to deploy and use WebSphere and VMware together” (Case Study)

WHITE PAPER: Writing Good Software Systems Development Use Cases. (Best Practices)

WHITE PAPER: Best practices for software analysis (Best Practices)

DOWNLOAD: Regis ter for Rational Trial Software Download – Rational Team Concert Free Information

<Prev in Thread]	Current Thread	[Next in Thread>

Previous by Date:	Re: Tools - env-overflow, Steve Kemp
Next by Date:	Re: "Build Security In" portal, Ulf Harnhammar
Previous by Thread:	Re: Re: Uncooperative upstream developers, Javier Fernández-Sanguino Peña
Next by Thread:	Re: Re: Uncooperative upstream developers, Steve Kemp
Indexes:	[Date] [Thread] [Top] [All Lists]

^^^ ADDITIONAL NAVIGATION ^^^

Recently Viewed:
jakarta.turbine... security.firewa... audio.devel/200... network.openssh... xfree86.devel/2... user-groups.lin... windows.dotnet.... video.dvdrip.us... freedesktop.dbu... telephony.pbx.a... org.fsf.france.... debian.user.isp... culture.literat... bluez.devel/200... kde.devel.quant... games.ttdpatch.... music.laswell/2... ietf.ldapbis/20... yellowdog.gener... redhat.kickstar... linux.ntop.deve... hardware.avr.av... education.class...

Home | blog view, Court Document Archive | USPTO Patent Archive (NEW!) | advertise | OSDir is an inevitable website. super tiny logo