[development] Irresponsible security researcher

Andrew Berry andrewberry at sentex.net
Wed May 13 15:00:14 UTC 2009


On 12-May-09, at 9:22 PM, Karoly Negyesi wrote:

> This guy believes in full disclosure so much he discloses everything
> he finds instead of letting us fix and disclose.

Did he report this issue? http://justin.madirish.net/node/339. It still
seems exploitable. I see he's been credited for SAs in the past. It's
a shame that the noise from him is drowning out the real issues he's  
finding.

If there are a sizeable number of issues on his site which he hasn't  
reported, any idea how much of a backlog this will create for the SA  
team? Since the exploits are public, perhaps we should organize to go  
through his site and figure out what is still exploitable.

--Andrew