Is everybody here so quick to see another person's logic flaw, where in fact you just have to think a little further? I did not suggest that you have to give such a detailed description that it will expose the exploit right away. But I'm sure in most cases an experienced developer/tester can come up with an explanatory description without exposing too much. I agree that some problems could be so obvious that any explanation will expose exploit info. Okay, but it is only one case. There are many problems that are not so obvious.

Alex

Patrick Teglia wrote:
it does not mean that exploit information has to be exposed. But a detailed description of the problem can help on its own even before a solution comes out.
I am sorry, but even a guy with a Security+ certification (in other words, me :) ) can see the flawed logic in this statement. A detailed description of the problem is a description of the vulnerability that attackers would EXACTLY be looking for.
Patrick Teglia
On Wed, Oct 1, 2008 at 7:19 AM, Web Developer <lapurd@gmail.com> wrote:
it does not mean that exploit information has to be exposed. But a detailed description of the problem can help on its own even before a solution comes out.