Greetings to my friends and colleagues of Full Disclosure: The days of "responsible disclosure" are now behind us.

For years many in the security community have been playing games with software and hardware vendors, by attempting to "responsibly" report security vulnerabilities. More often than not, especially the case with some select few companies, only one of the two stakeholders involved is actually practicing anything that resembles responsibility.

One major vendor comes to mind here (Apple, I'm looking at you). This vendor spends hundreds of millions of dollars each year on advertising through various media claiming their products are secure, or at least more secure than the competition. When actual vulnerabilities are reported to Apple, the company may spend up to a year sitting on these before they are mitigated by security updates. Compounding this issue is the observation that security practices in Apple code are horribly substandard. Even worse - due to the opaque nature of the company - we have absolutely no idea if changes are in place to improve upon these issues.

All of this brings us to the inevitable conclusion: Responsible disclosure is only justifiable with responsible vendors. If vendors like Apple continue to completely disregard security, there is no reason for anyone in the community to play their game.

Thank you, and good night.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/