Hmm...that is interesting. I assure you that they were notified and were given all of the information in the original post to Full-Disclosure at http://lists.grok.org.uk/pipermail/full-disclosure/2005-August/036022.html well before it was posted. I was surprised that there was no reply also. However, they are a large company. Things can slip through the cracks I guess. As to the statement that was made about not following "standard industry practices", I could only assume that they would add that to save face. But it doesn't bother me too much because I had the best of intentions when attempting to notifying them and disclosing the vulnerability. On 8/15/05, NoBrain NoPain <nobnop@xxxxxxxxx> wrote: > Hello, > > Reed Arvin wrote: > > Patches/Workarounds: > > The vendor was notified of the issue. There was no response. > > Vendor Response: > http://knowledgemap.nai.com/KanisaSupportSite/search.do?cmd=displayKC&docType=kc&externalId=KBkb42216xml&language=en_US > > One can find there: "McAfee was not notified in advance of this > vulnerability per "standard industry practices". It would be > interesting when you contacted McAfee and what you told them...;) > > -- nobnop >
