IBM report reviews Internet crime
Florian Weimer
fw at deneb.enyo.de
Tue Feb 12 19:46:24 UTC 2008
* Owen DeLong:
> If the vulnerability cannot be corrected through a vendor patch, then,
> one has to wonder what, exactly the vulnerability is.
You assume that a vendor patches a vulnerability once they learn about
it. In my experience, this is not true. Sometimes it's easy to explain
(product or vendor ceased to exist), sometimes it's not (some cross-site
scripting issues I'm trying to straighten out; minor bugs to you
perhaps, but huge media exposure because of their visibility and
reproducibility--think FDIV bug).
More information about the NANOG
mailing list