Month: August 2005

  • If a tree falls in the woods…

    [This was originally published on the OSVDB blog.] If a researcher discloses a vulnerability only to VDBs, and some/all of them publish the information, was the vulnerability really disclosed? Yes, of course, but should it have been? Are VDBs responsible for the information? Does it fall on us to check every thing we get and […]

  • Fiasco: BlackHat, Cisco, ISS, Lynn

    [This was originally published on the OSVDB blog.] There are far too many articles covering this topic to justify me rewriting the story in my own words. So in summary, relevant links with background. End up with Schneier’s commentary for a good summary and additional links. BlackHat Briefings: Cisco IOS Security Architecture by Michael Lynn […]