Without replying to each troll, individually, I thought maybe some people would like to see some answers to some notes.
These are my own comments, I speak for myself. Question: "Why release all of the details" Answer: Polls show this is what administrators what. This is one reason we do this. Another reason we do this is simple, we use the details ourselves. We use the details to create signatures for our vulnerability assessment tool and firewall. Security administrators then download these signatures and use them to check for patches or to protect systems which can not yet be patched. It does not matter if it is eEye you are talking about in this scenario, or one of our competitors. This is the "behind the scenes" picture of what happens when a patch is released. When we - or our competitors - do not have full details on a vulnerability, we have to reverse engineer the patch to do so. And, we all do this. So, people complaining about us releasing all of the details... They simply are ignorant of what must be done in this process. They like to scream and shout about how a worm will be coming and such, nevermind that they don't even understand our advisories in the first place. And if this does not make it all incredibly clear, let's spell it out for them: we can reverse engineer the patches and have to... If virus writers want to, they can, too, as well. Question/Comment: "Wow, Microsoft kept this for six months!" Answer: People have not been paying attention. Look at our advisories. We have reported dates and release dates. Microsoft's average is now getting to be about six months. It used to be three months. Here and there they would do a six month patch. Now, the full average is creeping towards there. It is akin to a backdoor in their OS. It is shameful. It drives away some researchers who don't want to wait six months. It puts a grave responsibility on every software vendor. How many "backdoors" do you really think the NSA has [to use a popular urban myth]? How many "backdoors" do you think your typical security company has? Question/Comment: "What is this thing with rapping?" Answer: We have had these kinds of things in our advisories since we started releasing them way back when. Derek, at times, feels the need to bust a rhyme. You are not going to stop him. And, I have tried. Knives, ropes, pits, strangulation. He is quite wily. Question/Comment: "You Guys Are Doing This For the Money and Fame! " Answer: If we were doing this from corrupt motives we would be in the Bahamas right now. Come on. Don't be stupid. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
