good chemistry is complicated, and a little bit messy -LW |
|
PerlMonks |
comment on |
( [id://3333]=superdoc: print w/replies, xml ) | Need Help?? |
In the end I know for a fact that I closed one security hole and I am reasonably sure that I didn't introduce any new problems. i get the impression that this is a script that the company makes available to the public. if you know for a fact that you closed a security hole, it would logically imply that the version the company is distributing contains a security hole. i think the responsible thing to do would be to publish the vulnerability on bugtraq or some other appropriate forum. if other people are using it, publishing the vulnerability may encourage them to either remove it from their servers or fix it. it would also perhaps encourage the company to integrate some of your changes and maybe consider being a little nicer to people who send them patches in the future. In reply to Re: Re: Re: Blackbox implementation, but....
by thraxil
|
|