Hi Uwe,
On Sun, May 07, 2006 at 01:46:51PM +0200, Uwe Hermann wrote:
> On Sun, May 07, 2006 at 09:26:34AM +0200, Martin Schulze wrote:
> > Uwe, what did you want to ask the security team?
>
> s/Uwe/Max Vozeler <max@xxxxxxxxxxxx>/ (I think)
Actually I think we might be having a misunderstanding :-)
In writing "bugs that I would like to check with you guys" I was
not thinking of any particular questions to which I'm seeking
answers. Rather: I would like to exchange and share thoughts with
other people who do auditing about whether and how particular
instances of bugs could or could not be exploited.
In some parts this might match the work of the security team,
but in others it actually differs quite a bit: Figuring out the
minutiae of bugs is a very time consuming process and it happens
at a stage where it is not at all clear whether the bug is in
fact a vulnerability, or perhaps only a harmless ordinary bug.
The security team I think is more concerned with and interested
in the outcome of this auditing work (like knowing that there is
indeed a bug, how it can or cannot be exploited and under which
conditions) than in participating in the process. And not to
forget that security people are already very busy :-)
cheers,
Max
|
| 
