[development] Irresponsible security researcher
Andrew Berry
andrewberry at sentex.net
Wed May 13 15:00:14 UTC 2009
On 12-May-09, at 9:22 PM, Karoly Negyesi wrote:
> This guy believes in full disclosure so much he discloses everything
> he finds instead letting us fix and disclose.
Did he report this issue? http://justin.madirish.net/node/339. I still
seems exploitable. I see he's been credited for SA's in the past. It's
a shame that the noise from him is drowning out the real issues he's
finding.
If there are a sizeable number of issues on his site which he hasn't
reported, any idea how much of a backlog this will create for the SA
team? Since the exploits are public, perhaps we should organize to go
through his site and figure out what is still exploitable.
--Andrew
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2672 bytes
Desc: not available
URL: <http://lists.drupal.org/pipermail/development/attachments/20090513/32e9130e/attachment-0001.bin>
More information about the development
mailing list