[development] Certify Drupal for use in Government (US) Projects
Web Developer
lapurd at gmail.com
Wed Oct 1 14:08:59 UTC 2008
Is it everybody here so quick to see another person logic flaw, where in
fact you just have to think a little further?
I did not suggest that you have to give such detail description that
will expose exploit right away.
But I'm sure in most cases experienced developer/tester can come up with
explanatory description without exposing too much.
I agree that some problem could be so obvious so any explanation will
expose exploit info. Okay, but it is only one case.
There are many problems that are not so obvious.
Alex
Patrick Teglia wrote:
> it does not mean that exploit information has to be exposed. But detail
> description of the problem can help on its own even before solution come
> out.
>
> I am sorry, but even a guy with a Security+ certification (in other words,
> me :) ) can see the flawed logic in this statement. A detailed description
> of the problem is a description of the vulnerability that attackers would
> EXACTLY be looking for.
>
> Patrick Teglia
>
>
> On Wed, Oct 1, 2008 at 7:19 AM, Web Developer <lapurd at gmail.com> wrote:
>
>
>> it does not mean that exploit information has to be exposed. But detail
>> description of the problem can help on its own even before solution come
>> out.
>>
>
>
More information about the development
mailing list