[development] Irresponsible security researcher

Greg Knaddison Greg at GrowingVentureSolutions.com
Wed May 13 15:07:37 UTC 2009


On Wed, May 13, 2009 at 9:00 AM, Andrew Berry <andrewberry at sentex.net> wrote:
> On 12-May-09, at 9:22 PM, Karoly Negyesi wrote:
>
>> This guy believes in full disclosure so much he discloses everything
>> he finds instead letting us fix and disclose.
>
> Did he report this issue? http://justin.madirish.net/node/339. I still seems
> exploitable. I see he's been credited for SA's in the past. It's a shame
> that the noise from him is drowning out the real issues he's finding.

It's the same as http://drupal.org/node/372836 or maybe it's even the
issue that prompted http://drupal.org/node/372836

Either way, it's "addressed."

Regards,
Greg

-- 
Greg Knaddison | 303-800-5623 | http://growingventuresolutions.com
Cracking Drupal - Learn to protect your Drupal site from hackers
Now available from Wiley http://crackingdrupal.com


More information about the development mailing list