[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    Re: [Full-disclosure] [SE-2012-01] Security weakness in Apple QuickTime Java extensions (details rel
From:       Security Explorations <contact () security-explorations ! com>
Date:       2012-06-28 9:44:28
Message-ID: 4FEC277C.1050000 () security-explorations ! com
[Download RAW message or body]


On 2012-06-26 23:00, Ramo wrote:
>> The more surprising it is to see a vendor's
>> response downplaying the importance of the issue found in its code that
>> can actually contribute to the full blown attack against the users of
>> its software.
>
> This is apple you're talking about, are you really that surprised?

The answer is "yes" and "no":
- Yes - because, that kind of attitude coming from a big software
   vendor with a large users base seems to be rare these days. Also, in
   the past we haven't experienced any issues with the company.
- No - because we are aware that different vendors may act differently
   in response to the information received about security flaws in their
   products. That's one of the reasons behind our disclosure policy,
   vendors status and legal threats pages.

Thank you.

Best Regards,
Adam Gowdiak

---------------------------------------------
Security Explorations
http://www.security-explorations.com
"We bring security research to the new level"
---------------------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[prev in list] [next in list] [prev in thread] [next in thread]