The person in question should never have written a message about an open vulnerability into a public mailing list in the first place. Just because they did doesn't mean that you should ask for PoCs in public mailing lists, there's a multitude of issues with that. To make it perfectly clear, I'm not defending this person, I seriously doubt the seriousness of their statements and a lot of what they're saying makes no sense at all and looks like trying to maintain an image of competence while knowing little, but responsible disclosure still applies. If this person has a vulnerability to report, they should do so with the information listed at http://www.valvesoftware.com/security/. And I think I know what I'm talking about seeing as I have two Finder's Fees. See https://wiki.teamfortress.com/wiki/Finder%27s_Fee and https://wiki.teamfortress.com/wiki/List_of_Finder%27s_Fee_owners
On 10.10.2017 17:08, Vaya wrote: > I think someone needs to ‘stealth mode’ out of this email chain. This > is just noise without a repeatable Test > > Sent from my iPhone > > On 10 Oct 2017, at 16:01, PistonMiner <[email protected] > <mailto:[email protected]>> wrote: > >> If you have a vulnerability to report, don't do it in a public >> mailing list. Report it directly to Valve, and no place else. This >> conversation has so many problems, but asking for a PoC in a *public* >> mailing list is one of them. Look up responsible disclosure. (I >> should note though, at this point I am not convinced a vulnerability >> even exists.) >> >> -- >> PistonMiner (Linus S.) >> _______________________________________________ >> Csgo_servers mailing list >> [email protected] >> <mailto:[email protected]> >> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers > > > _______________________________________________ > Csgo_servers mailing list > [email protected] > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers -- PistonMiner (Linus S.)
_______________________________________________ Csgo_servers mailing list [email protected] https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
