spf-discuss
[Top] [All Lists]

Re: Managing exploits

2004-10-14 15:19:28
So, how does one responsibly disclose an issue in a public list for a project without causing some potentially sort term yet foreseeable implementation problems for some SPF application developers?

The best way is to openly disclose it right here, right now, on this list. *IF* the problem were a specific vulnerability with a specific set of implementations, *THEN* perhaps it would be best to first contact the developers of such software and determine how quickly they can implement a patch, and then to time your public disclosure to match the release of the fixed software.

However, I get the sense that your concern is a general issue with the SPF protocol, and that some tweaks to the protocol, or the standard way of implementing it would close the hole you see. Therefore, the best way is to get it out in the open as soon as possible.

        - Mark

Mark Lentczner
http://www.ozonehouse.com/mark/
markl(_at_)glyphic(_dot_)com


<Prev in Thread] Current Thread [Next in Thread>