Robert Brockway wrote:

Most exploits discovered these days are found by those who launch a concerted effort to detect them. By sheer number and amount of effort most of the people who discover exploits are in the security establishment and are not Black Hats.

I, along with most security professionals, maintain that the vendors/developers are better off receiving some amount of warning before the exploit goes public. ...

I find it useful to consider three shades of hat; besides the black hat who will exploit a bug, and the white hat who honestly wants the bug fixed, there's the gray hat who discovers bugs for fame and fortune, and cares more for counting coup with his name in Bugtraq than for actually getting it fixed. -- Anthony de Boer -- The Toronto Linux Users Group. Meetings: http://tlug.ss.org TLUG requests: Linux topics, No HTML, wrap text below 80 columns How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml