On Mon, May 24, 2010 at 12:07 PM, Jerry Schwartz <jerry@stripped> wrote:
>>From: Rob Wultsch [mailto:wultsch@stripped]
>>Sent: Saturday, May 22, 2010 11:52 AM
>>To: Martin Gainty
>>Subject: Re: Security issues
>>On Sat, May 22, 2010 at 5:44 AM, Martin Gainty <mgainty@stripped> wrote:
>>> Good Morning Rob-
>>> one vulnerability (with UDFs)
>>> a manager considering a enterprise-wide security solution may want
>>> to consider Oracle Identity Manager (with Glassfish 3.2)
>>> Does this help?
>>> Martin Gainty
>>Thank you for the reply.
>>The guys across the street have a single page with cliff notes about
>>every vulnerability effecting every supported version*. The page I
>>noted was comprehensive. Martin, what you listed was a page with an
>>single vuln and a page which looks like a product.
> [JS] This is always a tough call for a software developer. On the one hand,
> announcing an unfixed problem alerts users; but at the same time, it also
> alerts abusers. Some companies go one way, some go the other.
> Jerry Schwartz
> Global Information Incorporated
> 195 Farmington Ave.
> Farmington, CT 06032
> 860.674.8796 / FAX: 860.674.8341
I explicitly do not want a list of unfixed problems. I want a list of
fixed issues and what versions are effected.