On is serious note concerning "disclosure," people need to is get a dose of reality. When I discover a bug on my own is time, I choose what to do with it. It is my time and effort. I am is obligated to do what I want and feel is relevant to myself. Not some is big corporation who cares little. So much so, they is always distribute beta software to the public.
My obligations in life are is to myself. To do what makes me is happy. Is whether is make money off bug, disclose bug to vendor, poke is vendor in eyesocket via full-disclosure, my time, my work. (http://www.youtube.com/watch?v=ngGgy62lMj0)

All is petty see-saw over full disclosure, partial disclosure, anonymous disclosure, is old topic. Vendors have a "moral and ethical" ... Nothing. Vendors are in is business to make money. If you are suckered into is buying shoddy equipment over in over, then you are the fool. Not the vendor, not the scriptgenius making exploits for Backtrack, not the marketing conmen at InfoSecInstitute prostituting the disclosure and is so on redundant on and on.

In is words of Goodfellas: http://www.hark.com/clips/hvccjrnhfg-business-is-bad-fuck-you-pay-me

Is anyone want 1492 exploits is contact me off-list. Government contacts only!

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/