Is finding security holes a good idea?
Thor Lancelot Simon
tls at rek.tjls.com
Tue Jun 15 02:32:56 EDT 2004
On Mon, Jun 14, 2004 at 08:07:11AM -0700, Eric Rescorla wrote:
> in the paper.
>
> Roughly speaking:
> If I as a White Hat find a bug and then don't tell anyone, there's no
> reason to believe it will result in any intrusions. The bug has to
I don't believe that the premise above is valid. To believe it, I think
I'd have to hold that there were no correlation between bugs I found and
bugs that others were likely to find; and a lot of experience tells me
very much the opposite.
Thor
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list