-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
... really? so everyone who believes in full disclosure is a
blackhat now? by your definition, even those who follow RFPolicy
are blackhats as well. your ethics are severely flawed, and are
malaligned with the philosophies that many security
Hi list,
What are, if any, the legal and ethical things to do before someone
could publicly disclosure a given vulnerability?
--
Giuseppe
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted
While US law focused, you might take a look at the few guides by the
EFF (Electronic Frontier Foundation).
http://www.eff.org/issues/coders/vulnerability-reporting-faq
Cheers,
--scm
On Mon, Jun 15, 2009 at 2:14 PM, Giuseppe
Fuggianogiuseppe.fuggi...@gmail.com wrote:
What are, if any, the legal