Is finding security holes a good idea?

Thor Lancelot Simon tls at rek.tjls.com
Tue Jun 15 02:32:56 EDT 2004


On Mon, Jun 14, 2004 at 08:07:11AM -0700, Eric Rescorla wrote:
> in the paper. 
> 
> Roughly speaking:
> If I as a White Hat find a bug and then don't tell anyone, there's no
> reason to believe it will result in any intrusions.  The bug has to

I don't believe that the premise above is valid.  To believe it, I think
I'd have to hold that there were no correlation between bugs I found and
bugs that others were likely to find; and a lot of experience tells me
very much the opposite.

Thor

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list