|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: UK ISP threatens security researcher
On Fri, 20 Apr 2007, Gadi Evron wrote: > > On Fri, 20 Apr 2007, Simon Lyall wrote: > > > > On Thu, 19 Apr 2007, Gadi Evron wrote: > > > Looking at the lack of security response and seriousness from this > > > ISP, I personally, in hindsight (although it was impossible to see > > > back then) would not waste time with reporting issues to them, now. > > > > These days there is almost never any reason to report a security issue > > unless you are a professional security researcher who is looking for > > publicity/work. [1] > > Now, that is off-topic to NANOG. Just because you disagree with someone's opinion, doesn't make it offtopic. > One comment: just because they are not reported does not mean they are > not used. Proved beyond doubt this past year with all the 0day attacks > and targeted attacks going on. I'm not sure if Simon's comment was tongue-in-cheek. I think if you are referring to "public disclosure", yes, I think there's little point of doing this, unless you are seeking attention. Of course, reporting a problem to vendor privately always makes sense. I'm not sure the debate on public disclosure vs private falls under NANOG AUP. -alex
|